Hi Ourwilly and thanks for helping... here is the new combofix and hijack this logs
ComboFix 08-08-07.04 - Carrie Morgan 2008-08-10 18:18:56.2 - NTFSx86
Running from: C:\Documents and Settings\Carrie Morgan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Carrie Morgan\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE ::
C:\1547784834
C:\WINDOWS\inform.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1547784834
C:\Documents and Settings\Administrator\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Symantec\ErrLogs\{12E2B9E9-05B1-407d-B0FD-B5F350535125}36b49070.zip
C:\Documents and Settings\All Users\Application Data\Symantec\ErrLogs\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}2dff9480.zip
C:\Documents and Settings\All Users\Application Data\Symantec\ErrLogs\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}e08f1342.zip
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
C:\WINDOWS\inform.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-07 19:04 . 2008-08-07 19:04 <DIR> d-------- C:\Program Files\Sun
2008-08-05 00:10 . 2008-08-05 00:10 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-05 00:10 . 2008-08-05 00:10 <DIR> d-------- C:\Documents and Settings\Carrie Morgan\Application Data\AVGTOOLBAR
2008-08-05 00:10 . 2008-08-05 00:10 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-05 00:10 . 2008-08-05 00:10 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-05 00:10 . 2008-08-05 00:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-05 00:09 . 2008-08-05 00:09 <DIR> d-------- C:\Program Files\AVG
2008-08-05 00:09 . 2008-08-05 00:09 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-03 23:54 . 2008-08-03 23:54 281 --a------ C:\Shortcut to hijackthis.lnk
2008-08-03 23:47 . 2008-08-07 19:13 <DIR> d-------- C:\Hijack this
2008-08-03 03:04 . 2008-08-03 03:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-03 02:41 . 2008-08-05 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-03 01:44 . 2008-08-03 01:44 <DIR> d-------- C:\Documents and Settings\Carrie Morgan\Application Data\Malwarebytes
2008-08-03 01:12 . 2008-08-03 01:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 01:12 . 2008-08-03 01:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 01:12 . 2008-08-03 01:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-03 01:12 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-03 01:12 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-03 00:47 . 2008-08-03 00:47 <DIR> d-------- C:\VundoFix Backups
2008-08-01 23:49 . 2008-08-01 23:50 <DIR> d-------- C:\Backup
2008-08-01 23:46 . 2008-08-01 23:46 <DIR> d-------- C:\Program Files\CCleaner
2008-08-01 22:55 . 2008-08-01 22:55 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
2008-08-01 22:55 . 2008-08-01 22:55 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
2008-08-01 22:55 . 2008-08-01 22:55 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
2008-08-01 22:55 . 2008-08-01 22:55 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
2008-07-31 18:33 . 2005-05-24 11:29 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-31 18:33 . 2005-05-24 11:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-07-31 18:33 . 2005-05-24 11:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-07-31 18:33 . 2008-08-03 02:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-29 02:08 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-07-29 02:08 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-07-29 01:58 . 2008-05-15 16:15 53,168 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-07-29 01:55 . 2008-07-29 01:55 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-29 01:52 . 2007-03-29 13:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-07-29 01:52 . 2007-03-29 13:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-07-29 01:41 . 2008-07-29 03:34 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-07-29 01:41 . 2008-07-29 01:41 <DIR> d-------- C:\592902d68cc82cf92fc7
2008-07-29 01:35 . 2008-07-29 01:33 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-29 01:33 . 2008-07-29 01:35 <DIR> d-------- C:\Documents and Settings\Carrie Morgan\.housecall6.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 18:04 --------- d-----w C:\Program Files\Java
2008-07-31 17:57 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-07-29 03:12 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-29 00:11 --------- d-----w C:\Program Files\Kontiki
2008-07-29 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-16 19:29 --------- d-----w C:\Program Files\World of Warcraft
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 19:07 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-06-17 17:17 --------- d-----w C:\Program Files\WoW-2.3.0.7561-enGB
2008-06-17 04:15 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-17 04:14 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-06-14 19:03 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-06-14 19:03 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-27 19:41 24,576 ------w C:\WINDOWS\UniFISH.exe
2008-02-23 23:43 1,578 ----a-w C:\Documents and Settings\Carrie Morgan\Application Data\wklnhst.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\592902d68cc82cf92fc7 ----
2008-07-29 01:41 788 --ah----- C:\592902d68cc82cf92fc7\$shtdwn$.req
2008-06-25 08:42 95744 --a------ C:\592902d68cc82cf92fc7\atl80.dll
2008-06-25 08:42 70184 --a------ C:\592902d68cc82cf92fc7\ochelpagent.dll
2008-06-25 08:42 626688 --a------ C:\592902d68cc82cf92fc7\msvcr80.dll
2008-06-25 08:42 597146 --a------ C:\592902d68cc82cf92fc7\ja-jp\eula.rtf
2008-06-25 08:42 592936 --a------ C:\592902d68cc82cf92fc7\winssplatform.dll
2008-06-25 08:42 58408 --a------ C:\592902d68cc82cf92fc7\conflictingappmodule.dll
2008-06-25 08:42 56872 --a------ C:\592902d68cc82cf92fc7\cert.dll
2008-06-25 08:42 548864 --a------ C:\592902d68cc82cf92fc7\msvcp80.dll
2008-06-25 08:42 522 --a------ C:\592902d68cc82cf92fc7\microsoft.vc80.crt.manifest
2008-06-25 08:42 5102 --a------ C:\592902d68cc82cf92fc7\service.xml
2008-06-25 08:42 456 --a------ C:\592902d68cc82cf92fc7\microsoft.vc80.atl.manifest
2008-06-25 08:42 370728 --a------ C:\592902d68cc82cf92fc7\ocsetup.exe
2008-06-25 08:42 263208 --a------ C:\592902d68cc82cf92fc7\winsscommon.dll
2008-06-25 08:42 162503 --a------ C:\592902d68cc82cf92fc7\de-at\eula.rtf
2008-06-25 08:42 162165 --a------ C:\592902d68cc82cf92fc7\de-de\eula.rtf
2008-06-25 08:42 161780 --a------ C:\592902d68cc82cf92fc7\de-ch\eula.rtf
2008-06-25 08:42 161520 --a------ C:\592902d68cc82cf92fc7\pt-br\eula.rtf
2008-06-25 08:42 159878 --a------ C:\592902d68cc82cf92fc7\fr-fr\eula.rtf
2008-06-25 08:42 159258 --a------ C:\592902d68cc82cf92fc7\fr-be\eula.rtf
2008-06-25 08:42 158870 --a------ C:\592902d68cc82cf92fc7\fr-ca\eula.rtf
2008-06-25 08:42 158688 --a------ C:\592902d68cc82cf92fc7\fr-ch\eula.rtf
2008-06-25 08:42 157952 --a------ C:\592902d68cc82cf92fc7\es-es\eula.rtf
2008-06-25 08:42 157853 --a------ C:\592902d68cc82cf92fc7\es-mx\eula.rtf
2008-06-25 08:42 157215 --a------ C:\592902d68cc82cf92fc7\ko-kr\eula.rtf
2008-06-25 08:42 157215 --a------ C:\592902d68cc82cf92fc7\ja-jp-psloc\eula.rtf
2008-06-25 08:42 155309 --a------ C:\592902d68cc82cf92fc7\it-it\eula.rtf
2008-06-25 08:42 154394 --a------ C:\592902d68cc82cf92fc7\nl-be\eula.rtf
2008-06-25 08:42 153735 --a------ C:\592902d68cc82cf92fc7\nl-nl\eula.rtf
2008-06-25 08:42 148575 --a------ C:\592902d68cc82cf92fc7\en-au\eula.rtf
2008-06-25 08:42 147589 --a------ C:\592902d68cc82cf92fc7\en-ca\eula.rtf
2008-06-25 08:42 146554 --a------ C:\592902d68cc82cf92fc7\en-sg\eula.rtf
2008-06-25 08:42 145964 --a------ C:\592902d68cc82cf92fc7\eula.rtf
2008-06-25 08:42 145726 --a------ C:\592902d68cc82cf92fc7\en-in\eula.rtf
2008-06-25 08:42 145721 --a------ C:\592902d68cc82cf92fc7\en-hk\eula.rtf
2008-06-25 08:42 145583 --a------ C:\592902d68cc82cf92fc7\en-ie\eula.rtf
2008-06-25 08:42 145184 --a------ C:\592902d68cc82cf92fc7\en-nz\eula.rtf
2008-06-25 08:42 145035 --a------ C:\592902d68cc82cf92fc7\en-gb\eula.rtf
2008-06-25 08:42 140047 --a------ C:\592902d68cc82cf92fc7\es-us\eula.rtf
2008-06-25 08:42 131624 --a------ C:\592902d68cc82cf92fc7\nl-nl\ocsetupro.dll
2008-06-25 08:42 131624 --a------ C:\592902d68cc82cf92fc7\nl-be\ocsetupro.dll
2008-06-25 08:42 129064 --a------ C:\592902d68cc82cf92fc7\es-us\ocsetupro.dll
2008-06-25 08:42 129064 --a------ C:\592902d68cc82cf92fc7\es-mx\ocsetupro.dll
2008-06-25 08:42 129064 --a------ C:\592902d68cc82cf92fc7\es-es\ocsetupro.dll
2008-06-25 08:42 127528 --a------ C:\592902d68cc82cf92fc7\pt-br\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-sg\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-nz\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-in\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-ie\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-hk\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-gb\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-ca\ocsetupro.dll
2008-06-25 08:42 124968 --a------ C:\592902d68cc82cf92fc7\en-au\ocsetupro.dll
2008-06-25 08:42 124456 --a------ C:\592902d68cc82cf92fc7\fr-fr\ocsetupro.dll
2008-06-25 08:42 124456 --a------ C:\592902d68cc82cf92fc7\fr-ch\ocsetupro.dll
2008-06-25 08:42 124456 --a------ C:\592902d68cc82cf92fc7\fr-ca\ocsetupro.dll
2008-06-25 08:42 124456 --a------ C:\592902d68cc82cf92fc7\fr-be\ocsetupro.dll
2008-06-25 08:42 122920 --a------ C:\592902d68cc82cf92fc7\it-it\ocsetupro.dll
2008-06-25 08:42 116776 --a------ C:\592902d68cc82cf92fc7\ko-kr\ocsetupro.dll
2008-06-25 08:42 106024 --a------ C:\592902d68cc82cf92fc7\ja-jp\ocsetupro.dll
2008-06-25 08:42 106024 --a------ C:\592902d68cc82cf92fc7\ja-jp-psloc\ocsetupro.dll
2008-06-25 08:41 135208 --a------ C:\592902d68cc82cf92fc7\de-de\ocsetupro.dll
2008-06-25 08:41 135208 --a------ C:\592902d68cc82cf92fc7\de-ch\ocsetupro.dll
2008-06-25 08:41 135208 --a------ C:\592902d68cc82cf92fc7\de-at\ocsetupro.dll
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"updatemgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"toscdspd"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 11:26 65536]
"stmanager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 13:25 118784]
"reminder"="C:\Program Files\Microsoft Money\System\reminder.exe" [1997-10-10 01:00 35328]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"tpnf"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 21:06 53248]
"toshiba accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-04-30 23:02 24576]
"svpwutil"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 15:59 65536]
"sunjavaupdatesched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"speedtouch usb diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2007-06-11 07:06 901120]
"smoothview"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-11 10:12 118784]
"quicktime task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-22 11:13 282624]
"padtouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56 1077327]
"onecareui"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-06-25 06:48 67112]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 17:03 155648]
"hwsetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-04-30 23:02 28672]
"hp software update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"hotkeyscmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 16:59 126976]
"ceekey"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-05-10 14:13 675840]
"apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"adobe photo downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 14:45 67488]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-05 00:09 1235736]
"zooming"="ZoomingHook.exe" [2004-07-14 16:07 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"tpsmain"="TPSMain.exe" [2005-01-21 08:53 266240 C:\WINDOWS\system32\TPSMain.exe]
"tctryiohook"="TCtrlIOHook.exe" [2005-03-30 18:01 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"ndstray.exe"="NDSTray.exe" [BU]
"cfsserv.exe"="CFSServ.exe" [BU]
"agrsmmsg"="AGRSMMSG.exe" [2004-12-22 09:10 88358 C:\WINDOWS\agrsmmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-19 01:00:00 111376]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-10-22 11:16:01 118784]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-19 01:00:00 51984]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-03 19:49:15 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\onecaremp]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-10 18:25:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-08-10 18:31:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 17:30:48
ComboFix2.txt 2008-08-07 22:52:27
Pre-Run: 33,357,983,744 bytes free
Post-Run: 33,344,569,344 bytes free
252 --- E O F --- 2008-07-10 22:20:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:56, on 10/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\explorer.exe
C:\Hijack this\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [tpsmain] TPSMain.exe
O4 - HKLM\..\Run: [tpnf] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [toshiba accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [tctryiohook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [svpwutil] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [speedtouch usb diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [smoothview] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [padtouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [onecareui] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ndstray.exe] NDSTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hwsetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [hp software update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hotkeyscmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [cfsserv.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ceekey] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [agrsmmsg] AGRSMMSG.exe
O4 - HKLM\..\Run: [adobe photo downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updatemgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [toscdspd] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [stmanager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-4287812987-2353406363-4242629226-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4287812987-2353406363-4242629226-1006\..\Run: [updatemgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4287812987-2353406363-4242629226-1006\..\Run: [toscdspd] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-4287812987-2353406363-4242629226-1006\..\Run: [stmanager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b (User '?')
O4 - HKUS\S-1-5-21-4287812987-2353406363-4242629226-1006\..\Run: [reminder] C:\Program Files\Microsoft Money\System\reminder.exe (User '?')
O4 - HKUS\S-1-5-21-4287812987-2353406363-4242629226-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/togetherinternet
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/...UI.cab55579.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) -
http://zone.msn.com/...dy.cab55579.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1005.cabO16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
http://zone.msn.com/...at.cab55579.cabO16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -
http://zone.msn.com/...mjolauncher.cabO16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games Texas Holdem Poker) -
http://zone.msn.com/...he.cab75406.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn...ro.cab56649.cabO16 - DPF: {C728DAB8-FDF5-4CD7-89DD-879D25794C77} (KooPlayer Control) -
http://www.cctv.com/.../cctvplayer.ocxO16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) -
http://static.photob...ploader_uni.cabO16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -
http://zone.msn.com/.../default/ct.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) -
http://zone.msn.com/...xy.cab55579.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 10558 bytes
I still have no access to the internet and still have the strange fonts which aren't limited to the taskbar but all the windows too, do we seem to be getting anywhere with this one?
thanks again for your help