ComboFix 07-10-12.4 - Nick 2007-10-12 18:05:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1704 [GMT 1:00]
Running from: C:\Documents and Settings\Nick\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\mtbhflryee.dat
C:\WINDOWS\system32\mtbhflryee.exe
C:\WINDOWS\system32\mtbhflryee_nav.dat
C:\WINDOWS\system32\mtbhflryee_navps.dat
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.
2007-10-12 18:05 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 18:03 <DIR> d-------- C:\Deckard
2007-10-09 17:58 <DIR> d-------- C:\ie-spyad_zo
2007-10-09 17:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-09 16:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-09 10:08 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Dev-Cpp
2007-10-09 10:08 <DIR> d-------- C:\Dev-Cpp
2007-10-07 10:35 <DIR> d-------- C:\Program Files\WOWUploader
2007-10-07 10:35 <DIR> d-------- C:\Program Files\World of Warcraft
2007-10-07 10:35 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\WoWUploader
2007-10-07 09:58 <DIR> d-------- C:\Program Files\Cheat Engine
2007-10-07 09:58 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-10-07 09:58 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-10-01 09:13 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Free Download Manager
2007-10-01 09:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-09-29 12:25 <DIR> d-------- C:\Program Files\Common Files\Real
2007-09-28 17:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 17:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-09-28 17:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-09-28 03:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-28 03:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-28 03:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2007-09-28 03:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2007-09-24 12:56 <DIR> d-------- C:\Program Files\Rockstar Games
2007-09-24 08:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-24 08:35 <DIR> d-------- C:\Documents and Settings\Gtasasav\GTA San Andreas User Files
2007-09-24 08:31 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\ECSoftware
2007-09-24 08:30 <DIR> d-------- C:\Program Files\HexEdit
2007-09-24 08:13 <DIR> d-------- C:\Program Files\HHD Software
2007-09-24 08:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HHD Software
2007-09-20 06:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-09-20 06:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-09-20 06:54 <DIR> d-------- C:\Program Files\Replay Converter
2007-09-20 06:54 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-09-20 06:53 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\GetRightToGo
2007-09-19 11:30 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Apple Computer
2007-09-19 11:29 <DIR> d-------- C:\Program Files\QuickTime
2007-09-19 11:29 <DIR> d-------- C:\Program Files\iTunes
2007-09-19 11:29 <DIR> d-------- C:\Program Files\iPod
2007-09-19 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-19 11:28 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-19 11:28 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-19 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-18 09:48 <DIR> d-------- C:\Program Files\Bullfrog
2007-09-17 04:37 <DIR> d-------- C:\Program Files\Sierra
2007-09-16 08:53 <DIR> d-------- C:\Program Files\Electronic Arts
2007-09-16 08:47 <DIR> d-------- C:\Program Files\ACR
2007-09-15 22:53 <DIR> d-------- C:\Program Files\Free Download Manager
2007-09-14 05:16 506 --a------ C:\WINDOWS\eReg.dat
2007-09-13 21:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-09-12 16:44 <DIR> d-------- C:\Program Files\KONAMI
2007-09-12 07:01 <DIR> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 13:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-12 13:09 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-10 08:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 08:31 --------- d-----w C:\Program Files\EA GAMES
2007-10-10 07:27 --------- d-----w C:\Program Files\Ares
2007-10-09 17:05 --------- d-----w C:\Program Files\Trend Micro
2007-10-09 09:38 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-08 12:27 --------- d-----w C:\Documents and Settings\Nick\Application Data\Xfire
2007-10-08 12:27 --------- d-----w C:\Documents and Settings\Nick\Application Data\teamspeak2
2007-10-04 13:42 --------- d-----w C:\Program Files\Xfire
2007-10-03 08:31 --------- d-----w C:\Program Files\DivX
2007-10-02 07:09 --------- d-----w C:\Documents and Settings\Nick\Application Data\LimeWire
2007-09-29 11:25 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-09-29 11:25 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-17 10:02 --------- d-----w C:\Program Files\WinAce
2007-09-17 08:55 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-17 04:21 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-09-17 04:21 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-09-17 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-16 05:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-16 05:22 --------- d-----w C:\Program Files\AGEIA Technologies
2007-09-16 03:16 --------- d-----w C:\Program Files\Warcraft III
2007-09-12 15:44 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2007-09-12 15:42 --------- d-----w C:\Program Files\Silkroad
2007-09-11 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2007-09-10 15:43 --------- d-----w C:\Program Files\EA Sports
2007-09-10 01:21 --------- d-----w C:\Program Files\MagicDisc
2007-09-09 04:49 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-09-09 04:48 --------- d-----w C:\Program Files\Red Storm Entertainment
2007-09-09 04:41 --------- d-----w C:\Program Files\MagicISO
2007-09-09 04:31 --------- d-----w C:\Program Files\XoftSpySE
2007-09-08 16:53 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-08 16:53 --------- d--h--r C:\Documents and Settings\Nick\Application Data\SecuROM
2007-09-08 04:05 --------- d-----w C:\Program Files\Common Files\Vbox
2007-09-08 04:05 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-07 03:29 --------- d-----w C:\Program Files\GameSpy Arcade
2007-09-05 14:36 --------- d-----w C:\Program Files\Common Files\DirectX
2007-09-05 14:34 --------- d-----w C:\Program Files\THQ
2007-09-05 03:13 --------- d-----w C:\Program Files\BitTorrent
2007-09-05 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-09-05 00:46 92,544 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2007-09-04 22:24 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-03 01:38 --------- d-----w C:\Program Files\Hide IP Platinum
2007-08-31 16:06 --------- d-----w C:\Documents and Settings\Nick\Application Data\dvdcss
2007-08-30 22:54 --------- d-----w C:\Documents and Settings\Nick\Application Data\DivX
2007-08-30 14:04 --------- d-----w C:\Program Files\PCFriendly
2007-08-30 14:04 --------- d-----w C:\Program Files\InterActual
2007-08-30 02:35 --------- d-----w C:\Documents and Settings\Nick\Application Data\BitTorrent
2007-08-30 01:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-08-27 16:26 --------- d-----w C:\Program Files\Monolith Productions
2007-08-26 21:15 --------- d-----w C:\Documents and Settings\Nick\Application Data\Talkback
2007-08-25 01:28 --------- d-----w C:\Program Files\TGTSoft
2007-08-25 01:07 --------- d-----w C:\Program Files\PokerStars
2007-08-24 01:49 --------- d-----w C:\Program Files\Deepblue7
2007-08-21 23:44 33,952 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2007-08-21 12:43 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-08-21 10:58 --------- d-----w C:\Documents and Settings\Nick\Application Data\uTorrent
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 23:52 --------- d-----w C:\Program Files\Gpotato
2007-08-20 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-08-20 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-20 01:51 --------- d-----w C:\Documents and Settings\Nick\Application Data\Media Player Classic
2007-08-18 23:49 --------- d-----w C:\Program Files\STOPzilla!
2007-08-18 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-08-15 15:42 --------- d-----w C:\Documents and Settings\Nick\Application Data\Ventrilo
2007-08-15 15:41 --------- d-----w C:\Program Files\Ventrilo
2007-08-15 12:56 5,120 ----a-w C:\WINDOWS\system32\drivers\23F3C66C-1946-46E5-8E13-20E002EDA22E.cxv
2007-08-15 00:49 --------- d-----w C:\Program Files\MobMapUpdater
2007-08-13 15:08 --------- d-----w C:\Program Files\CoD RconTool
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-26 02:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-07-26 02:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 02:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-07-19 16:22 77,824 ----a-w C:\WINDOWS\system32\PgmrX120.dll
2007-07-19 16:22 163,840 ----a-w C:\WINDOWS\system32\Pgmr120.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-31 10:47]
"nwiz"="nwiz.exe" [2006-08-31 10:47 C:\WINDOWS\system32\nwiz.exe]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"ares"="C:\Program Files\Ares\Ares.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nick^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Nick\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nick^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\WINDOWS\TBPanel.exe /A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtbhflryee]
c:\windows\system32\mtbhflryee.exe mtbhflryee
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Alarm Clock]
C:\Program Files\PC Alarm Clock\pcalarmclock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
S3 NTProcDrv;Process creation detector for NT.;\??\C:\Documents and Settings\Nick\Desktop\NtProcDrv.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 10:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 18:07:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-12 18:07:45
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:27, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 5072 bytes