Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help Please, smitfraud-c unable to remove [RESOLVED]

Started by ccoffer , Feb 01 2008 10:10 AM

This topic is locked

#1
ccoffer

Posted 01 February 2008 - 10:10 AM

Member

Member
31 posts

I have tried various differant help forums for this, and differant suggested spyware tools, but nothing seems to work. Here is a copy of my HJT file.

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:06 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7AD905EA-143E-4535-B7C3-D6A33D99805F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134} - (no file)
O2 - BHO: {7947aa96-416d-a5bb-a414-91cff4a8c09d} - {d90c8a4f-fc19-414a-bb5a-d61469aa7497} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm090YYUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152402566468
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152404562624
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: hgggdby - hgggdby.dll (file missing)
O20 - Winlogon Notify: opipzfkx - opipzfkx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8841 bytes

#2
Rorschach112

Posted 01 February 2008 - 01:07 PM

Ralphie

Retired Staff
47,710 posts

What forums have you got help with this problem on ?

#3
ccoffer

Posted 01 February 2008 - 07:52 PM

Member

Topic Starter
Member
31 posts

basically, just googled the virus and checked out random fixes.. Most of them required to buy other software to fix it, which i did not do.
I read a few of the posts on your site to try to find what others are doing to fix it.

I followed the directions posted through out your site here as well.

I then followed the directions for what you guys suggest running before posting hijack this logs.
I am running Norton Internet security 08 and system works basic
I have ran spybot s&d
Ad-aware 2007
ATF cleaner
changed my restore points
AVG Anti-Spyware
SuperAntispyware home adition
Panda Activescan

After all of these, Im still having the same issue.

Here are the log files for Superanti-spyware and my latest hijack this after all of these scans were ran. (these are with all start up options on)

SUPERAntiSpyware Scan Log
Generated 02/01/2008 at 03:14 PM

Application Version : 3.6.1000

Core Rules Database Version : 3393
Trace Rules Database Version: 1385

Scan type : Complete Scan
Total Scan Time : 01:20:19

Memory items scanned : 511
Memory threats detected : 0
Registry items scanned : 6982
Registry threats detected : 2
File items scanned : 67590
File threats detected : 2

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134}

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:26 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpm.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7AD905EA-143E-4535-B7C3-D6A33D99805F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7947aa96-416d-a5bb-a414-91cff4a8c09d} - {d90c8a4f-fc19-414a-bb5a-d61469aa7497} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155180490\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm090YYUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152402566468
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152404562624
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgggdby - hgggdby.dll (file missing)
O20 - Winlogon Notify: opipzfkx - opipzfkx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11080 bytes

#4
Rorschach112

Posted 01 February 2008 - 08:00 PM

Ralphie

Retired Staff
47,710 posts

Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#5
ccoffer

Posted 02 February 2008 - 08:02 AM

Member

Topic Starter
Member
31 posts

When I click it, it gives me an error that says:

"you cannot rename ComboFix as ComboFix"
"please use another name"

When I click "Ok", it closes down

#6
Rorschach112

Posted 02 February 2008 - 08:06 AM

Ralphie

Retired Staff
47,710 posts

Ok download it and when it prompts you to save it somewhere, change the name to ccoff.exe then save it to your desktop

Then run it and post the log here

#7
ccoffer

Posted 02 February 2008 - 08:19 AM

Member

Topic Starter
Member
31 posts

I got it.. thanks =)

here is the log from combofix:
ComboFix 08-02.02.5 - Chris Coffer 2008-02-02 9:05:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1480 [GMT -5:00]Running from: C:\Documents and Settings\Chris Coffer\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\opipzfkx.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\seovflfv.ini
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 15:32 . 2008-02-01 17:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-01 15:32 . 2008-02-01 15:32 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-01 15:32 . 2008-02-01 15:32 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-01 15:32 . 2008-02-01 15:32 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-01 11:39 . 2008-02-01 11:39 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\Grisoft
2008-02-01 11:31 . 2008-02-01 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 11:31 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-01 11:29 . 2008-02-01 15:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-01 11:29 . 2008-02-01 11:29 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\SUPERAntiSpyware.com
2008-02-01 11:29 . 2008-02-01 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-01 11:07 . 2008-02-01 11:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 16:43 . 2008-02-01 10:54 2,248 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-31 10:57 . 2008-01-31 10:57 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-30 21:27 . 2008-01-30 21:27 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-30 18:33 . 2008-01-31 11:03 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\Symantec
2008-01-30 18:30 . 2008-01-30 20:27 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-01-30 18:09 . 2008-01-31 16:53 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-01-30 18:07 . 2008-01-30 20:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-30 18:07 . 2008-01-30 20:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-30 18:06 . 2008-01-30 20:23 <DIR> d-------- C:\Program Files\Symantec
2008-01-30 18:06 . 2008-02-02 09:04 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-30 18:06 . 2008-02-01 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-30 16:55 . 2008-01-30 16:55 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-30 16:07 . 2008-01-30 20:23 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-30 16:07 . 2008-01-30 20:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-30 15:48 . 2008-01-30 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-30 15:43 . 2008-01-30 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-30 15:14 . 2008-01-30 15:27 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-30 11:29 . 2008-01-30 11:33 <DIR> d-------- C:\Program Files\Registry Defender
2008-01-30 10:56 . 2008-01-19 08:31 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 14:48 . 2008-01-28 14:48 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-28 13:48 . 2008-01-28 13:53 34,613 --a------ C:\WINDOWS\DIIUnin.dat
2008-01-28 13:47 . 2008-01-28 13:47 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-01-28 13:41 . 2008-01-29 10:25 <DIR> d-------- C:\Program Files\Diablo II
2008-01-28 12:26 . 2008-01-28 12:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 12:26 . 2008-01-28 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 08:04 . 2008-01-28 08:59 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2008-01-27 10:59 . 2008-01-27 10:59 1,167 --a------ C:\WINDOWS\mozver.dat
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-26 18:01 . 2008-02-02 09:12 3,374,063 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.CDF
2008-01-26 18:01 . 2008-02-02 09:12 3,374,063 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.BAK
2008-01-19 08:31 . 2008-01-19 08:44 <DIR> d-------- C:\Documents and Settings\Chris Coffer\.housecall6.6
2008-01-19 08:29 . 2008-01-19 08:29 <DIR> d-------- C:\WINDOWS\Sun
2008-01-17 20:12 . 2008-01-17 20:13 <DIR> d-------- C:\picsx
2008-01-14 19:57 . 2008-01-14 19:57 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\FaxCtr
2008-01-13 15:51 . 2006-04-28 04:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-13 15:51 . 2006-04-28 04:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-13 15:51 . 2006-04-28 04:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-13 15:51 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-13 15:51 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-13 15:51 . 2006-04-28 04:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-13 15:51 . 2006-04-28 04:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-13 15:50 . 2008-01-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-01-13 15:47 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-13 15:47 . 2004-08-04 02:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 15:44 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-13 15:44 . 2004-08-04 02:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-12 21:40 . 2008-01-12 22:16 <DIR> d-------- C:\WINDOWS\ULEAD.DAT
2008-01-12 21:40 . 2008-01-12 22:39 611 --a------ C:\WINDOWS\Ulead32.ini
2008-01-12 21:38 . 1996-01-09 07:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-01-12 11:56 . 2008-01-12 11:57 17,642,616 --a------ C:\WINDOWS\system32\MRT .exe
2008-01-12 11:51 . 2008-01-12 11:51 129 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-10 21:26 . 2008-01-10 21:26 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-10 21:25 . 2008-01-19 12:11 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-01-10 00:44 . 2008-01-13 12:26 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-10 00:44 . 2008-01-10 00:44 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-10 00:44 . 2008-01-19 15:33 <DIR> d-------- C:\WINDOWS\system32\edcA18
2008-01-10 00:44 . 2008-01-10 00:44 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-10 00:44 . 2008-01-10 00:44 86,016 --a------ C:\WINDOWS\system32\drivers\slnt75544.sys
2008-01-05 19:14 . 2008-01-05 19:14 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-05 17:30 . 2008-01-18 22:46 <DIR> d-------- C:\Program Files\Java
2008-01-05 17:30 . 2008-01-06 10:57 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Shared
2008-01-05 17:30 . 2008-01-27 12:34 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Incomplete
2008-01-05 17:30 . 2008-01-12 11:24 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\LimeWire
2008-01-05 17:30 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 17:29 . 2008-01-05 17:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 20:25 . 2008-01-26 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-02 20:25 . 2008-01-02 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-02 20:24 . 2008-01-06 09:45 1,329 --ah----- C:\IPH.PH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 16:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 15:47 34,920 ----a-w C:\Documents and Settings\Chris Coffer\Application Data\GDIPFONTCACHEV1.DAT
2008-01-31 02:27 --------- d-----w C:\Program Files\iTunes
2008-01-30 21:04 --------- d-----w C:\Program Files\Norton SystemWorks
2008-01-28 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 17:26 --------- d-----w C:\Documents and Settings\Chris Coffer\Application Data\Lavasoft
2008-01-28 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 14:14 --------- d-----w C:\Program Files\World of Warcraft
2008-01-27 17:42 --------- d-----w C:\Program Files\Morpheus
2008-01-26 23:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-19 20:32 --------- d-----w C:\Program Files\QuickTime
2008-01-19 14:06 --------- d-----w C:\Program Files\MSN Messenger
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 15:51 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-12 16:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 03:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:21 --------- d-----w C:\Program Files\eMule
2008-01-02 07:12 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-12-15 13:53 --------- d-----w C:\Program Files\DivX
2007-12-10 20:54 --------- d-----w C:\Program Files\twc
2007-12-10 20:54 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-12-10 20:52 --------- d-----w C:\Program Files\HERACTSTG
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-04 01:22 --------- d-----w C:\Program Files\Ventrilo
2007-12-04 01:20 --------- d-----w C:\Program Files\VentSrv
.

<pre>
----a-w		   180,269 2008-01-19 14:08:34  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   163,840 2008-01-19 17:11:45  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray .exe
----a-w			28,672 2008-01-19 17:11:48  C:\Program Files\Creative\Splash Screen\CTEaxSpl .EXE
----a-w		   257,088 2008-01-19 17:11:55  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2008-01-18 00:21:34  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w		   132,496 2008-01-19 14:08:59  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 5,674,352 2008-01-19 14:09:37  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   282,624 2008-01-19 14:08:49  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   204,288 2008-01-19 17:12:31  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w			90,112 2008-01-19 17:11:38  C:\WINDOWS\UpdReg .EXE
----a-w			15,360 2008-01-11 02:26:24  C:\WINDOWS\system32\ctfmon .exe
----a-w		17,642,616 2008-01-12 16:57:06  C:\WINDOWS\system32\MRT .exe
----a-w		   188,416 2008-01-19 17:11:15  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 00:42 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AD905EA-143E-4535-B7C3-D6A33D99805F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d90c8a4f-fc19-414a-bb5a-d61469aa7497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 16:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 08:22 25472]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53 714608]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 02:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-20 19:47 1687552]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 05:53 1056768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-19 09:08 282624]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
"HostManager"="C:\Program Files\Common Files\AOL\1155180490\ee\AOLSoftware.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-09 22:01:36 113664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-27 09:36:46 532480]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggdby]
hgggdby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opipzfkx]
opipzfkx.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-06-20 05:53]
R1 slnt75544;slnt75544;C:\WINDOWS\system32\drivers\slnt75544.sys [2008-01-10 00:44]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 16:09]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 16:09]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 08:17]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 21:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe
\Shell\setup\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed9ca6f-2e60-11db-8d5f-00142a673b72}]
\Shell\AutoRun\command - F:\Launch.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 23:38:44 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Chris Coffer.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-01-30 23:10:37 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 09:12:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
.
**************************************************************************
.
Completion time: 2008-02-02 9:15:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 14:15:30
.
2008-01-27 16:28:47 --- E O F ---

Here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:27 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7AD905EA-143E-4535-B7C3-D6A33D99805F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7947aa96-416d-a5bb-a414-91cff4a8c09d} - {d90c8a4f-fc19-414a-bb5a-d61469aa7497} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155180490\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm090YYUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152402566468
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152404562624
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgggdby - hgggdby.dll (file missing)
O20 - Winlogon Notify: opipzfkx - opipzfkx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10859 bytes

#8
Rorschach112

Posted 02 February 2008 - 08:55 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::C:\WINDOWS\system32\drivers\core.cache.dskC:\WINDOWS\system32\drivers\slnt75544.sysE:\Setup.exeF:\Launch.exeFolder::C:\WINDOWS\system32\vt8C:\WINDOWS\system32\mp2C:\WINDOWS\system32\edcA18C:\WINDOWS\system32\che9RenV::----a-w           180,269 2008-01-19 14:08:34  C:\Program Files\Common Files\Real\Update_OB\realsched .exe----a-w           163,840 2008-01-19 17:11:45  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray .exe----a-w            28,672 2008-01-19 17:11:48  C:\Program Files\Creative\Splash Screen\CTEaxSpl .EXE----a-w           257,088 2008-01-19 17:11:55  C:\Program Files\iTunes\iTunesHelper .exe----a-w           132,496 2008-01-18 00:21:34  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe----a-w           132,496 2008-01-19 14:08:59  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe----a-w         5,674,352 2008-01-19 14:09:37  C:\Program Files\MSN Messenger\MsnMsgr .Exe----a-w           282,624 2008-01-19 14:08:49  C:\Program Files\QuickTime\qttask                  .exe----a-w           204,288 2008-01-19 17:12:31  C:\Program Files\Windows Media Player\WMPNSCFG .exe----a-w            90,112 2008-01-19 17:11:38  C:\WINDOWS\UpdReg .EXE----a-w            15,360 2008-01-11 02:26:24  C:\WINDOWS\system32\ctfmon .exe----a-w        17,642,616 2008-01-12 16:57:06  C:\WINDOWS\system32\MRT .exe----a-w           188,416 2008-01-19 17:11:15  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06 .exeRegistry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed9ca6f-2e60-11db-8d5f-00142a673b72}]Driver::slnt75544

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Edited by Rorschach112, 02 February 2008 - 08:56 AM.

#9
ccoffer

Posted 02 February 2008 - 09:13 AM

Member

Topic Starter
Member
31 posts

done, new combo and HJT logs:

ComboFix 08-02.02.5 - Chris Coffer 2008-02-02 10:01:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1449 [GMT -5:00]
Running from: C:\Documents and Settings\Chris Coffer\Desktop\ccoff.exe
Command switches used :: C:\Documents and Settings\Chris Coffer\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
File::C:\WINDOWS\system32\drivers\core.cache.dskC:\WINDOWS\system32\drivers\slnt75544.sysE:\Setup.exeF:\Launch.exeFolder::C:\WINDOWS\system32\vt8C:\WINDOWS\system32\mp2C:\WINDOWS\system32\edcA18C:\WINDOWS\system32\che9RenV::----a-w 180,269 2008-01-19 14:08:34 C:\Program Files\Common Files\Real\Update_OB\realsched .exe----a-w 163,840 2008-01-19 17:11:45 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray .exe----a-w 28,672 2008-01-19 17:11:48 C:\Program Files\Creative\Splash Screen\CTEaxSpl .EXE----a-w 257,088 2008-01-19 17:11:55 C:\Program Files\iTunes\iTunesHelper .exe----a-w 132,496 2008-01-18 00:21:34 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe----a-w 132,496 2008-01-19 14:08:59 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe----a-w 5,674,352 2008-01-19 14:09:37 C:\Program Files\MSN Messenger\MsnMsgr .Exe----a-w 282,624 2008-01-19 14:08:49 C:\Program Files\QuickTime\qttask .exe----a-w 204,288 2008-01-19 17:12:31 C:\Program Files\Windows Media Player\WMPNSCFG .exe----a-w 90,112 2008-01-19 17:11:38 C:\WINDOWS\UpdReg .EXE----a-w 15,360 2008-01-11 02:26:24 C:\WINDOWS\system32\ctfmon .exe----a-w 17,642,616 2008-01-12 16:57:06 C:\WINDOWS\system32\MRT .exe----a-w 188,416 2008-01-19 17:11:15 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06 .exeRegistry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E][-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed9ca6f-2e60-11db-8d5f-00142a673b72}]Driver::slnt75544
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-02 09:15 . 2008-02-02 09:15 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-02-01 15:32 . 2008-02-01 17:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-01 15:32 . 2008-02-01 15:32 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-01 15:32 . 2008-02-01 15:32 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-01 15:32 . 2008-02-01 15:32 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-01 11:39 . 2008-02-01 11:39 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\Grisoft
2008-02-01 11:31 . 2008-02-01 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 11:31 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-01 11:29 . 2008-02-01 15:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-01 11:29 . 2008-02-01 11:29 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\SUPERAntiSpyware.com
2008-02-01 11:29 . 2008-02-01 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-01 11:07 . 2008-02-01 11:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 16:43 . 2008-02-01 10:54 2,248 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-31 10:57 . 2008-01-31 10:57 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-30 21:27 . 2008-01-30 21:27 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-30 18:33 . 2008-01-31 11:03 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\Symantec
2008-01-30 18:30 . 2008-01-30 20:27 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-01-30 18:09 . 2008-01-31 16:53 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-01-30 18:07 . 2008-01-30 20:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-30 18:07 . 2008-01-30 20:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-30 18:06 . 2008-01-30 20:23 <DIR> d-------- C:\Program Files\Symantec
2008-01-30 18:06 . 2008-02-02 10:01 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-30 18:06 . 2008-02-02 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-30 16:55 . 2008-01-30 16:55 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-30 16:07 . 2008-01-30 20:23 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-30 16:07 . 2008-01-30 20:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-30 15:48 . 2008-01-30 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-30 15:43 . 2008-01-30 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-30 11:29 . 2008-01-30 11:33 <DIR> d-------- C:\Program Files\Registry Defender
2008-01-30 10:56 . 2008-01-19 08:31 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 12:26 . 2008-01-28 12:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 12:26 . 2008-01-28 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 08:04 . 2008-01-28 08:59 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2008-01-27 10:59 . 2008-01-27 10:59 1,167 --a------ C:\WINDOWS\mozver.dat
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-26 18:01 . 2008-02-02 10:07 3,374,063 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.CDF
2008-01-26 18:01 . 2008-02-02 10:07 3,374,063 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.BAK
2008-01-19 08:31 . 2008-01-19 08:44 <DIR> d-------- C:\Documents and Settings\Chris Coffer\.housecall6.6
2008-01-19 08:29 . 2008-01-19 08:29 <DIR> d-------- C:\WINDOWS\Sun
2008-01-17 20:12 . 2008-01-17 20:13 <DIR> d-------- C:\picsx
2008-01-14 19:57 . 2008-01-14 19:57 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\FaxCtr
2008-01-13 15:51 . 2006-04-28 04:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-13 15:51 . 2006-04-28 04:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-13 15:51 . 2006-04-28 04:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-13 15:51 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-13 15:51 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-13 15:51 . 2006-04-28 04:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-13 15:51 . 2006-04-28 04:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-13 15:50 . 2008-01-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-01-13 15:47 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-13 15:47 . 2004-08-04 02:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 15:44 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-13 15:44 . 2004-08-04 02:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-12 21:40 . 2008-01-12 22:16 <DIR> d-------- C:\WINDOWS\ULEAD.DAT
2008-01-12 21:40 . 2008-01-12 22:39 611 --a------ C:\WINDOWS\Ulead32.ini
2008-01-12 21:38 . 1996-01-09 07:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-01-12 11:56 . 2008-01-12 11:57 17,642,616 --a------ C:\WINDOWS\system32\MRT .exe
2008-01-12 11:51 . 2008-01-12 11:51 129 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-10 21:26 . 2008-01-10 21:26 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-10 21:25 . 2008-01-19 12:11 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-01-10 00:44 . 2008-01-13 12:26 <DIR> d-------- C:\WINDOWS\system32\vt8
2008-01-10 00:44 . 2008-01-10 00:44 <DIR> d-------- C:\WINDOWS\system32\mp2
2008-01-10 00:44 . 2008-01-19 15:33 <DIR> d-------- C:\WINDOWS\system32\edcA18
2008-01-10 00:44 . 2008-01-10 00:44 <DIR> d-------- C:\WINDOWS\system32\che9
2008-01-10 00:44 . 2008-01-10 00:44 86,016 --a------ C:\WINDOWS\system32\drivers\slnt75544.sys
2008-01-05 19:14 . 2008-01-05 19:14 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-05 17:30 . 2008-01-18 22:46 <DIR> d-------- C:\Program Files\Java
2008-01-05 17:30 . 2008-01-06 10:57 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Shared
2008-01-05 17:30 . 2008-01-27 12:34 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Incomplete
2008-01-05 17:30 . 2008-01-12 11:24 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\LimeWire
2008-01-05 17:30 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 17:29 . 2008-01-05 17:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 20:25 . 2008-01-26 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-02 20:25 . 2008-01-02 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-02 20:24 . 2008-01-06 09:45 1,329 --ah----- C:\IPH.PH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 14:22 --------- d-----w C:\Program Files\Sony
2008-02-01 16:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 15:47 34,920 ----a-w C:\Documents and Settings\Chris Coffer\Application Data\GDIPFONTCACHEV1.DAT
2008-01-31 02:27 --------- d-----w C:\Program Files\iTunes
2008-01-30 21:04 --------- d-----w C:\Program Files\Norton SystemWorks
2008-01-28 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 17:26 --------- d-----w C:\Documents and Settings\Chris Coffer\Application Data\Lavasoft
2008-01-28 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 14:14 --------- d-----w C:\Program Files\World of Warcraft
2008-01-27 17:42 --------- d-----w C:\Program Files\Morpheus
2008-01-26 23:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-19 20:32 --------- d-----w C:\Program Files\QuickTime
2008-01-19 14:06 --------- d-----w C:\Program Files\MSN Messenger
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 15:51 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-12 16:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 03:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:21 --------- d-----w C:\Program Files\eMule
2008-01-02 07:12 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-12-15 13:53 --------- d-----w C:\Program Files\DivX
2007-12-10 20:54 --------- d-----w C:\Program Files\twc
2007-12-10 20:54 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-12-10 20:52 --------- d-----w C:\Program Files\HERACTSTG
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-04 01:22 --------- d-----w C:\Program Files\Ventrilo
2007-12-04 01:20 --------- d-----w C:\Program Files\VentSrv
.

<pre>
----a-w		   180,269 2008-01-19 14:08:34  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   163,840 2008-01-19 17:11:45  C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray .exe
----a-w			28,672 2008-01-19 17:11:48  C:\Program Files\Creative\Splash Screen\CTEaxSpl .EXE
----a-w		   257,088 2008-01-19 17:11:55  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2008-01-18 00:21:34  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w		   132,496 2008-01-19 14:08:59  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 5,674,352 2008-01-19 14:09:37  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   282,624 2008-01-19 14:08:49  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   204,288 2008-01-19 17:12:31  C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w			90,112 2008-01-19 17:11:38  C:\WINDOWS\UpdReg .EXE
----a-w			15,360 2008-01-11 02:26:24  C:\WINDOWS\system32\ctfmon .exe
----a-w		17,642,616 2008-01-12 16:57:06  C:\WINDOWS\system32\MRT .exe
----a-w		   188,416 2008-01-19 17:11:15  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 00:42 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AD905EA-143E-4535-B7C3-D6A33D99805F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d90c8a4f-fc19-414a-bb5a-d61469aa7497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 16:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 08:22 25472]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53 714608]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 02:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-20 19:47 1687552]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 05:53 1056768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-19 09:08 282624]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
"HostManager"="C:\Program Files\Common Files\AOL\1155180490\ee\AOLSoftware.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-09 22:01:36 113664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-27 09:36:46 532480]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggdby]
hgggdby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opipzfkx]
opipzfkx.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-06-20 05:53]
R1 slnt75544;slnt75544;C:\WINDOWS\system32\drivers\slnt75544.sys [2008-01-10 00:44]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 16:09]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 16:09]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 08:17]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 21:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Setup.exe
\Shell\setup\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed9ca6f-2e60-11db-8d5f-00142a673b72}]
\Shell\AutoRun\command - F:\Launch.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 23:38:44 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Chris Coffer.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-01-30 23:10:37 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 10:06:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-02-02 10:11:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 15:10:59
ComboFix2.txt 2008-02-02 14:15:35
.
2008-01-27 16:28:47 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:53 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7AD905EA-143E-4535-B7C3-D6A33D99805F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7947aa96-416d-a5bb-a414-91cff4a8c09d} - {d90c8a4f-fc19-414a-bb5a-d61469aa7497} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155180490\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm090YYUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152402566468
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152404562624
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgggdby - hgggdby.dll (file missing)
O20 - Winlogon Notify: opipzfkx - opipzfkx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10860 bytes

#10
Rorschach112

Posted 02 February 2008 - 09:27 AM

Ralphie

Retired Staff
47,710 posts

Are you sure you posted the right log ? Can you do this again

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray .exe
C:\Program Files\Creative\Splash Screen\CTEaxSpl .EXE
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\WINDOWS\UpdReg .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\MRT .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06 .exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\slnt75544.sys

Folder::
C:\WINDOWS\system32\vt8
C:\WINDOWS\system32\mp2
C:\WINDOWS\system32\edcA18
C:\WINDOWS\system32\che9

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed9ca6f-2e60-11db-8d5f-00142a673b72}]

RenV::
----a-w 180,269 2008-01-19 14:08:34 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 163,840 2008-01-19 17:11:45 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray .exe
----a-w 28,672 2008-01-19 17:11:48 C:\Program Files\Creative\Splash Screen\CTEaxSpl .EXE
----a-w 257,088 2008-01-19 17:11:55 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-18 00:21:34 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w 132,496 2008-01-19 14:08:59 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 5,674,352 2008-01-19 14:09:37 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 282,624 2008-01-19 14:08:49 C:\Program Files\QuickTime\qttask .exe
----a-w 204,288 2008-01-19 17:12:31 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 90,112 2008-01-19 17:11:38 C:\WINDOWS\UpdReg .EXE
----a-w 15,360 2008-01-11 02:26:24 C:\WINDOWS\system32\ctfmon .exe
----a-w 17,642,616 2008-01-12 16:57:06 C:\WINDOWS\system32\MRT .exe
----a-w 188,416 2008-01-19 17:11:15 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06 .exe

Driver::
slnt75544

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

#11
ccoffer

Posted 02 February 2008 - 10:33 AM

Member

Topic Starter
Member
31 posts

i see what happend, the first one didnt hold its format in notepad.
This one works, however its giving me the same error as before,
that it can not rename. I have tried redownloading and saving it as differant things,
it wont initiate. Keeps erroring on the "cannot rename"

#12
Rorschach112

Posted 02 February 2008 - 10:36 AM

Ralphie

Retired Staff
47,710 posts

Does this not work

Save the above notepad file as CFScript

Drag it into ccoff.exe, which was formerly ComboFix.exe

Let it run and post the resulting log

#13
ccoffer

Posted 02 February 2008 - 10:50 AM

Member

Topic Starter
Member
31 posts

i got it, its making me re download it each time and re'allow it access every time i use it.

here are the new logs:

ComboFix 08-02.02.5 - Chris Coffer 2008-02-02 11:37:54.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1569 [GMT -5:00]
Running from: C:\Documents and Settings\Chris Coffer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris Coffer\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray .exe
C:\Program Files\Creative\Splash Screen\CTEaxSpl .EXE
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\slnt75544.sys
C:\WINDOWS\system32\MRT .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06 .exe
C:\WINDOWS\UpdReg .EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\slnt75544.sys
C:\WINDOWS\system32\che9
C:\WINDOWS\system32\che9\farstadcom2.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\edcA18
C:\WINDOWS\system32\mp2
C:\WINDOWS\system32\vt8

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SLNT75544
-------\slnt75544

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 15:32 . 2008-02-01 17:17 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-01 15:32 . 2008-02-01 15:32 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-01 15:32 . 2008-02-01 15:32 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-01 15:32 . 2008-02-01 15:32 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-01 11:39 . 2008-02-01 11:39 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\Grisoft
2008-02-01 11:31 . 2008-02-01 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 11:31 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-01 11:29 . 2008-02-01 15:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-01 11:29 . 2008-02-01 11:29 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\SUPERAntiSpyware.com
2008-02-01 11:29 . 2008-02-01 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-01 11:07 . 2008-02-01 11:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-31 16:43 . 2008-02-01 10:54 2,248 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-30 21:27 . 2008-01-30 21:27 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-30 18:33 . 2008-01-31 11:03 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\Symantec
2008-01-30 18:30 . 2008-01-30 20:27 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-01-30 18:09 . 2008-01-31 16:53 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-01-30 18:07 . 2008-01-30 20:23 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-30 18:07 . 2008-01-30 20:23 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-30 18:06 . 2008-01-30 20:23 <DIR> d-------- C:\Program Files\Symantec
2008-01-30 18:06 . 2008-02-02 10:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-30 18:06 . 2008-02-02 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-30 16:55 . 2008-01-30 16:55 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-30 16:07 . 2008-01-30 20:23 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-30 16:07 . 2008-01-30 20:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-30 15:48 . 2008-01-30 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-30 15:43 . 2008-01-30 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-30 11:29 . 2008-01-30 11:33 <DIR> d-------- C:\Program Files\Registry Defender
2008-01-30 10:56 . 2008-01-19 08:31 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 12:26 . 2008-01-28 12:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 12:26 . 2008-01-28 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 08:04 . 2008-01-28 08:59 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2008-01-27 10:59 . 2008-01-27 10:59 1,167 --a------ C:\WINDOWS\mozver.dat
2008-01-26 18:54 . 2008-01-26 18:54 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-26 18:01 . 2008-02-02 10:07 3,374,063 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.CDF
2008-01-26 18:01 . 2008-02-02 10:07 3,374,063 --a------ C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80651102}.BAK
2008-01-19 08:31 . 2008-01-19 08:44 <DIR> d-------- C:\Documents and Settings\Chris Coffer\.housecall6.6
2008-01-19 08:29 . 2008-01-19 08:29 <DIR> d-------- C:\WINDOWS\Sun
2008-01-17 20:12 . 2008-01-17 20:13 <DIR> d-------- C:\picsx
2008-01-14 19:57 . 2008-01-14 19:57 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\FaxCtr
2008-01-13 15:51 . 2006-04-28 04:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-13 15:51 . 2006-04-28 04:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-13 15:51 . 2006-04-28 04:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-13 15:51 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-13 15:51 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-13 15:51 . 2006-04-28 04:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-13 15:51 . 2006-04-28 04:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-13 15:50 . 2008-01-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-01-13 15:47 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-13 15:47 . 2004-08-04 02:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-13 15:44 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-13 15:44 . 2004-08-04 02:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-12 21:40 . 2008-01-12 22:16 <DIR> d-------- C:\WINDOWS\ULEAD.DAT
2008-01-12 21:40 . 2008-01-12 22:39 611 --a------ C:\WINDOWS\Ulead32.ini
2008-01-12 21:38 . 1996-01-09 07:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-01-12 11:51 . 2008-01-12 11:51 129 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-10 21:26 . 2008-01-10 21:26 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-10 21:26 . 2008-01-10 21:26 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-10 21:25 . 2008-01-19 12:11 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2008-01-05 19:14 . 2008-01-05 19:14 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-05 17:30 . 2008-01-18 22:46 <DIR> d-------- C:\Program Files\Java
2008-01-05 17:30 . 2008-01-06 10:57 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Shared
2008-01-05 17:30 . 2008-01-27 12:34 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Incomplete
2008-01-05 17:30 . 2008-01-12 11:24 <DIR> d-------- C:\Documents and Settings\Chris Coffer\Application Data\LimeWire
2008-01-05 17:30 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 17:29 . 2008-01-05 17:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 20:25 . 2008-01-26 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-02 20:25 . 2008-01-02 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-02 20:24 . 2008-01-06 09:45 1,329 --ah----- C:\IPH.PH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 16:37 --------- d-----w C:\Program Files\MSN Messenger
2008-02-02 16:37 --------- d-----w C:\Program Files\iTunes
2008-02-02 14:22 --------- d-----w C:\Program Files\Sony
2008-02-01 16:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 15:47 34,920 ----a-w C:\Documents and Settings\Chris Coffer\Application Data\GDIPFONTCACHEV1.DAT
2008-01-30 21:04 --------- d-----w C:\Program Files\Norton SystemWorks
2008-01-28 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 17:26 --------- d-----w C:\Documents and Settings\Chris Coffer\Application Data\Lavasoft
2008-01-28 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 14:14 --------- d-----w C:\Program Files\World of Warcraft
2008-01-27 17:42 --------- d-----w C:\Program Files\Morpheus
2008-01-26 23:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-19 20:32 --------- d-----w C:\Program Files\QuickTime
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 15:51 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-12 16:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 03:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 21:21 --------- d-----w C:\Program Files\eMule
2008-01-02 07:12 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-12-15 13:53 --------- d-----w C:\Program Files\DivX
2007-12-10 20:54 --------- d-----w C:\Program Files\twc
2007-12-10 20:54 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-12-10 20:52 --------- d-----w C:\Program Files\HERACTSTG
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-04 01:22 --------- d-----w C:\Program Files\Ventrilo
2007-12-04 01:20 --------- d-----w C:\Program Files\VentSrv
.

<pre>
----a-w		   282,624 2008-01-19 14:08:49  C:\Program Files\QuickTime\qttask				  .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 00:42 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AD905EA-143E-4535-B7C3-D6A33D99805F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d90c8a4f-fc19-414a-bb5a-d61469aa7497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-10 21:26 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-01-19 09:09 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 16:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 08:22 25472]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 23:53 714608]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-19 12:11 257088]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 09:08 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-19 09:08 132496]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 02:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-20 19:47 1687552]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 05:53 1056768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-19 09:08 282624]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00 28672]
"HostManager"="C:\Program Files\Common Files\AOL\1155180490\ee\AOLSoftware.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-09 22:01:36 113664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-27 09:36:46 532480]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggdby]
hgggdby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opipzfkx]
opipzfkx.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-06-20 05:53]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 16:09]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 16:09]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 08:17]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 21:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 23:38:44 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Chris Coffer.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2008-01-30 23:10:37 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 11:43:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2008-02-02 11:48:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 16:47:59
ComboFix2.txt 2008-02-02 15:11:03
ComboFix3.txt 2008-02-02 14:15:35
.
2008-01-27 16:28:47 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:32 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7AD905EA-143E-4535-B7C3-D6A33D99805F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7947aa96-416d-a5bb-a414-91cff4a8c09d} - {d90c8a4f-fc19-414a-bb5a-d61469aa7497} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155180490\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm090YYUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...ads/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152402566468
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152404562624
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgggdby - hgggdby.dll (file missing)
O20 - Winlogon Notify: opipzfkx - opipzfkx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10972 bytes

#14
Rorschach112

Posted 02 February 2008 - 11:05 AM

Ralphie

Retired Staff
47,710 posts

Hello

Download RenV.exe by sUBs to your desktop
Double click on it to run it
It will search your system drive looking for any modified .exe file and will produce a log for you.
Drag this log into RenV.exe and post the resulting log

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7AD905EA-143E-4535-B7C3-D6A33D99805F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {7947aa96-416d-a5bb-a414-91cff4a8c09d} - {d90c8a4f-fc19-414a-bb5a-d61469aa7497} - (no file)
O20 - Winlogon Notify: hgggdby - hgggdby.dll (file missing)
O20 - Winlogon Notify: opipzfkx - opipzfkx.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

#15
ccoffer

Posted 02 February 2008 - 08:22 PM

Member

Topic Starter
Member
31 posts

done,
here is the new log:

Ran on Sat 02/02/2008 - 21:18:20.54

 Entries:				0  (0)
 Directories:			0  Files:			 0
 Bytes:				  0  Blocks:			0

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

As Featured On:

Geeks to Go Forum 343,326 topics
Quick Links FAQ Malware Cleaning Guide How it Works
Downloads 2+ million

View New Content

Help Please, smitfraud-c unable to remove [RESOLVED]

#1
ccoffer

Posted 01 February 2008 - 10:10 AM

Advertisements

#2
Rorschach112

Posted 01 February 2008 - 01:07 PM

#3
ccoffer

Posted 01 February 2008 - 07:52 PM

#4
Rorschach112

Posted 01 February 2008 - 08:00 PM

#5
ccoffer

Posted 02 February 2008 - 08:02 AM

#6
Rorschach112

Posted 02 February 2008 - 08:06 AM

#7
ccoffer

Posted 02 February 2008 - 08:19 AM

#8
Rorschach112

Posted 02 February 2008 - 08:55 AM

#9
ccoffer

Posted 02 February 2008 - 09:13 AM

#10
Rorschach112

Posted 02 February 2008 - 09:27 AM

Advertisements

#11
ccoffer

Posted 02 February 2008 - 10:33 AM

#12
Rorschach112

Posted 02 February 2008 - 10:36 AM

#13
ccoffer

Posted 02 February 2008 - 10:50 AM

#14
Rorschach112

Posted 02 February 2008 - 11:05 AM

#15
ccoffer

Posted 02 February 2008 - 08:22 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Help Please, smitfraud-c unable to remove [RESOLVED]

#1 ccoffer Posted 01 February 2008 - 10:10 AM

Advertisements

#2 Rorschach112 Posted 01 February 2008 - 01:07 PM

#3 ccoffer Posted 01 February 2008 - 07:52 PM

#4 Rorschach112 Posted 01 February 2008 - 08:00 PM

#5 ccoffer Posted 02 February 2008 - 08:02 AM

#6 Rorschach112 Posted 02 February 2008 - 08:06 AM

#7 ccoffer Posted 02 February 2008 - 08:19 AM

#8 Rorschach112 Posted 02 February 2008 - 08:55 AM

#9 ccoffer Posted 02 February 2008 - 09:13 AM

#10 Rorschach112 Posted 02 February 2008 - 09:27 AM

Advertisements

#11 ccoffer Posted 02 February 2008 - 10:33 AM

#12 Rorschach112 Posted 02 February 2008 - 10:36 AM

#13 ccoffer Posted 02 February 2008 - 10:50 AM

#14 Rorschach112 Posted 02 February 2008 - 11:05 AM

#15 ccoffer Posted 02 February 2008 - 08:22 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
ccoffer

Posted 01 February 2008 - 10:10 AM

#2
Rorschach112

Posted 01 February 2008 - 01:07 PM

#3
ccoffer

Posted 01 February 2008 - 07:52 PM

#4
Rorschach112

Posted 01 February 2008 - 08:00 PM

#5
ccoffer

Posted 02 February 2008 - 08:02 AM

#6
Rorschach112

Posted 02 February 2008 - 08:06 AM

#7
ccoffer

Posted 02 February 2008 - 08:19 AM

#8
Rorschach112

Posted 02 February 2008 - 08:55 AM

#9
ccoffer

Posted 02 February 2008 - 09:13 AM

#10
Rorschach112

Posted 02 February 2008 - 09:27 AM

#11
ccoffer

Posted 02 February 2008 - 10:33 AM

#12
Rorschach112

Posted 02 February 2008 - 10:36 AM

#13
ccoffer

Posted 02 February 2008 - 10:50 AM

#14
Rorschach112

Posted 02 February 2008 - 11:05 AM

#15
ccoffer

Posted 02 February 2008 - 08:22 PM