Thread: Browser Hijack?
12-11-2007, 08:37 PM   #13
budsy
Registered User
 
Join Date: Dec 2007
Posts: 9
OS: XP SP2


Re: Browser Hijack?

Hi
Done all that, seemed to go OK.
ComboFix log:

ComboFix 07-12-09.1 - Neil 2007-12-12 14:28:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.589 [GMT 11:00]
Running from: C:\Documents and Settings\Neil\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Neil\Application Data\inst.exe
C:\Program Files\internet explorer\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.

2007-12-03 10:04 . 2007-12-03 10:06 <DIR> d-------- C:\Program Files\Easy Outlook Express Backup
2007-12-02 06:17 . 2007-12-02 07:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 20:11 . 2007-11-29 20:11 <DIR> d-------- C:\Documents and Settings\Neil\Application Data\GlobalSCAPE
2007-11-29 20:10 . 2007-11-29 20:10 <DIR> d-------- C:\Program Files\GlobalSCAPE
2007-11-29 17:37 . 2007-11-29 17:37 <DIR> d-------- C:\Program Files\uTorrent
2007-11-29 17:37 . 2007-12-08 10:11 <DIR> d-------- C:\Documents and Settings\Neil\Application Data\uTorrent
2007-11-28 15:43 . 2007-11-28 15:43 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2007-11-27 16:06 . 2007-11-27 16:06 <DIR> d-------- C:\Program Files\PowerISO
2007-11-24 15:50 . 2007-11-24 15:50 164 --a------ C:\WINDOWS\CDPLAYER.UNI
2007-11-24 15:48 . 2007-11-24 15:48 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor
2007-11-24 15:48 . 2007-11-24 15:49 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 10
2007-11-24 15:44 . 2007-11-24 15:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-23 18:46 . 2007-12-12 14:17 <DIR> d-------- C:\Documents and Settings\Neil\Application Data\dvdcss
2007-11-23 18:37 . 2007-11-23 18:37 <DIR> d-------- C:\Program Files\DVD Shrink
2007-11-23 18:37 . 2007-11-23 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-23 18:33 . 2007-11-23 18:33 <DIR> d-------- C:\Program Files\CyberLink
2007-11-23 18:33 . 2007-11-23 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-23 17:42 . 2007-11-23 17:42 <DIR> d-------- C:\Program Files\DVDFab Platinum 3
2007-11-23 17:42 . 2007-11-23 20:45 <DIR> d-------- C:\Documents and Settings\Neil\Application Data\Vso
2007-11-23 17:42 . 2007-11-23 17:42 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-23 17:42 . 2007-11-23 17:42 47,360 --a------ C:\Documents and Settings\Neil\Application Data\pcouffin.sys
2007-11-23 17:26 . 2007-11-23 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-22 18:46 . 2007-11-22 18:46 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-22 18:46 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-22 18:46 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-22 18:46 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-22 18:46 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-11-22 18:46 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-22 18:46 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-22 18:46 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-22 18:46 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-11-22 18:46 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-22 18:46 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-22 18:45 . 2007-11-22 18:45 <DIR> d-------- C:\Program Files\eRightSoft
2007-11-18 18:57 . 2001-08-03 11:21 438,272 -ra------ C:\WINDOWS\system32\hpgmatk.dll
2007-11-18 18:57 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-18 18:57 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-18 11:15 . 2007-11-21 14:14 <DIR> d-------- C:\Program Files\Agent
2007-11-17 17:19 . 2007-11-17 17:19 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-11-17 17:18 . 2007-11-23 17:25 <DIR> d-------- C:\Program Files\SlySoft
2007-11-17 17:15 . 2007-11-17 17:15 <DIR> d-------- C:\Program Files\Pegasys Inc
2007-11-17 12:14 . 2007-11-17 12:14 <DIR> d-------- C:\Documents and Settings\Neil\Application Data\AdobeUM
2007-11-17 12:08 . 2007-11-17 12:08 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-11-17 12:08 . 2001-01-15 22:06 667,648 --a------ C:\WINDOWS\system32\ipeistor12.dll
2007-11-17 12:05 . 2007-11-22 21:37 <DIR> d-------- C:\Program Files\SimpleCopier
2007-11-17 12:03 . 2007-12-03 16:13 <DIR> d-------- C:\Program Files\Mp3TagToolsv12
2007-11-17 10:26 . 2007-11-17 10:26 <DIR> d-------- C:\Program Files\D-Link
2007-11-17 10:26 . 1999-08-25 16:19 220,160 --a------ C:\WINDOWS\PRINTERS.EXE
2007-11-17 10:26 . 2001-03-15 15:39 26,624 --a------ C:\WINDOWS\system32\PRTdlink.dll
2007-11-17 10:25 . 2007-11-17 10:25 <DIR> d-------- C:\WINDOWS\Lexmark
2007-11-17 10:25 . 2001-11-10 13:22 45,056 --a------ C:\WINDOWS\system32\Insts32K.dll
2007-11-17 10:25 . 2001-05-30 16:02 32,025 --a------ C:\WINDOWS\ssgs3su.hlp
2007-11-17 10:25 . 2001-03-20 16:10 3,262 --a------ C:\WINDOWS\reinstall.ico
2007-11-17 10:25 . 2001-03-20 14:52 766 --a------ C:\WINDOWS\Uninstall.ico
2007-11-17 06:09 . 2007-11-17 06:09 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-17 06:09 . 2007-12-05 00:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-17 06:09 . 2004-01-09 21:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-17 06:09 . 2007-12-04 23:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-17 06:09 . 2007-12-05 01:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-17 06:09 . 2007-12-05 01:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-17 06:09 . 2007-12-05 01:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-17 06:09 . 2007-12-05 01:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-17 06:09 . 2007-12-05 01:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-16 20:37 . 2007-12-03 18:07 <DIR> d-------- C:\Program Files\Winamp
2007-11-16 19:01 . 2007-07-10 00:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-16 18:42 . 2007-11-16 19:19 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-16 18:40 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-16 18:40 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-16 18:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-16 18:40 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-16 18:40 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-16 18:39 . 2007-11-16 18:39 <DIR> d---s---- C:\Documents and Settings\Neil\UserData
2007-11-16 16:33 . 2007-11-29 17:41 <DIR> d-------- C:\Documents and Settings\Neil\Application Data\.BitTornado
2007-11-16 16:30 . 2007-11-16 16:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-11-16 16:08 . 2007-11-16 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2007-11-16 16:07 . 2007-11-16 16:07 <DIR> d-------- C:\Program Files\Siber Systems
2007-11-16 16:03 . 2007-11-16 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-16 15:55 . 2007-11-16 15:55 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-16 15:54 . 2007-11-16 15:56 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-16 15:52 . 2007-11-16 15:52 <DIR> d-------- C:\Program Files\BitTornado
2007-11-16 15:47 . 2006-03-07 16:27 3,067,904 --------- C:\WINDOWS\NuNinst.exe
2007-11-16 15:47 . 2006-03-24 11:12 59,278 --------- C:\WINDOWS\NuNinst.cfg
2007-11-16 15:46 . 2007-11-16 15:46 <DIR> d-------- C:\WINDOWS\InCD
2007-11-16 15:46 . 2006-03-23 17:15 102,016 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2007-11-16 15:46 . 2006-03-23 17:15 33,536 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2007-11-16 15:46 . 2006-03-23 17:15 29,440 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2007-11-16 15:46 . 2006-03-23 17:00 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2007-11-16 15:45 . 2007-11-17 18:45 <DIR> d-------- C:\Program Files\ExplorerXP
2007-11-16 15:41 . 2007-11-16 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2007-11-16 15:40 . 2007-11-16 15:40 <DIR> d-------- C:\Program Files\Atomic Clock Sync
2007-11-16 15:40 . 2007-11-16 15:40 <DIR> d-------- C:\Program Files\APSW
2007-11-16 15:30 . 2007-11-16 15:30 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-16 15:30 . 2007-11-16 15:46 <DIR> d-------- C:\Program Files\Ahead
2007-11-16 15:30 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-11-16 15:30 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-11-16 15:30 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-11-16 15:30 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-16 15:30 . 2003-03-29 15:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-11-16 15:30 . 2003-09-15 13:56 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2007-11-16 15:30 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 06:41 --------- d-----w C:\Documents and Settings\Neil\Application Data\.BitTornado
2007-11-17 06:15 20,576 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-11-17 06:15 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-17 06:15 103,936 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-17 06:15 10,752 ------w C:\WINDOWS\system32\pxwma.dll
2007-11-16 00:35 --------- d-----w C:\Program Files\microsoft frontpage
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-11-16 16:07]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 13:57 C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2005-09-27 12:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-05 00:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-11-16 16:07]


.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 14:30:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 14:31:16
.
--- E O F ---


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:38 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Hold\Neil.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195198780562
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5799 bytes


Thanks again, I hope that's done with.
By the way, the PC seems to be running quite a bit faster.
What did this Trojan do anyway?
Neil.