« previous next »
Pages: [1]

Author Topic: Adware/Trojan Virus Infection  (Read 1324 times)

Offline caisig

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Adware/Trojan Virus Infection
« on: December 29, 2007, 09:37:15 PM »
My PC was infected with adware and several trojan viruses, and I have cleaned up a bunch of stuff, but still have some issues.  The two primary indicators were that my desktop no longer has a background, and amy virtual memory is low.  Any help would be appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:13 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] c:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
O4 - Startup: Natural Desktop.lnk = C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/26f4efcf556a85...ne_Inst_Win.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://emeetings.humana.com/sametime/STMee...STJNILoader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141779362156
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://D:\games\WebDriverFullInstall.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - Sprint Spectrum, L.L.C - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13426 bytes
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Adware/Trojan Virus Infection
« Reply #1 on: December 30, 2007, 12:41:34 AM »
Can you do the following for me please
Download this file - Combofix.exe and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
It's default location is C:\Combofix.txt

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Also:
Download [color=\"red\"]SmitfraudFix[/color][/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Post back both the following

1. Post the log from Smitfraudfix
2. Post the report from Combofix
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline caisig

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Adware/Trojan Virus Infection
« Reply #2 on: January 01, 2008, 12:55:56 PM »
Hi guestolo.  Thanks for helping me with this.  I forgot to mention the first time that I was also unable to restore my PC to a prior date.  It would prepare for the restore, but when I restarted I would get a message saying the system was unable to complete the restore.  As requested, the logs are below.  FYI, I now have the ability to change my desktop background, but when I changed the background, the background that was up when I was infected overlays the new one on the right half of the screen.  Kind of bizarre, but it is an improvement.

(1)
SmitFraudFix v2.274

Scan done at 12:42:17.53, Tue 01/01/2008
Run from C:\Documents and Settings\Casey Costello\My Documents\My Download Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\logo.gif FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Casey Costello


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Casey Costello\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CASEYC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Documents and Settings\\Casey Costello\\My Documents\\My Pictures\\jax\\2006_0126Image0037.JPG"
"SubscribedURL"="C:\\Documents and Settings\\Casey Costello\\My Documents\\My Pictures\\jax\\2006_0126Image0037.JPG"
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.74.162
DNS Server Search Order: 68.87.68.162

HKLM\SYSTEM\CCS\Services\Tcpip\..\{204FAC33-4A43-4C83-884C-8E78B107C8B5}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{204FAC33-4A43-4C83-884C-8E78B107C8B5}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{204FAC33-4A43-4C83-884C-8E78B107C8B5}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


(2)  
ComboFix 07-12-31.4 - Casey Costello 2008-01-01 11:52:49.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.899 [GMT -5:00]
Running from: C:\Documents and Settings\Casey Costello\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Accoona
C:\Program Files\Accoona\SARemove.exe
C:\Program Files\MediaVideoCodec
C:\RECYCLER\desktopA.sys
C:\WINDOWS\dat.txt

.
(((((((((((((((((((((((((   Files Created from 2007-12-01 to 2008-01-01  )))))))))))))))))))))))))))))))
.

2008-01-01 11:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 09:05 . 2008-01-01 11:43 2,587 --a------ C:\sfc.a
2007-12-31 18:00 . 2008-01-01 11:43 11,414 --a------ C:\sfc.6
2007-12-31 18:00 . 2008-01-01 11:43 3,299 --a------ C:\sfc.7
2007-12-31 18:00 . 2008-01-01 11:43 3,109 --a------ C:\sfc.8
2007-12-31 18:00 . 2008-01-01 11:43 2,738 --a------ C:\sfc.9
2007-12-31 18:00 . 2008-01-01 11:43 2,515 --a------ C:\sfc.5
2007-12-30 10:55 . 2008-01-01 11:43 12,965 --a------ C:\sfc.1
2007-12-30 10:55 . 2008-01-01 11:43 7,112 --a------ C:\sfc.3
2007-12-30 10:55 . 2008-01-01 11:43 2,679 --a------ C:\sfc.2
2007-12-30 10:55 . 2008-01-01 11:43 1,834 --a------ C:\sfc.4
2007-12-29 21:30 . 2007-12-29 21:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-29 21:26 . 2007-12-29 22:04 3,605 --a------ C:\sqc.5
2007-12-29 21:26 . 2007-12-29 22:04 2,883 --a------ C:\sqc.6
2007-12-29 20:55 . 2007-12-29 20:55 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:54 <DIR> d-------- C:\Program Files\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:54 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-12-29 20:09 . 2007-12-29 21:02 <DIR> d-------- C:\Program Files\RegCure
2007-12-29 17:06 . 2007-12-29 17:06 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\Grisoft
2007-12-29 17:05 . 2007-12-29 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-29 17:05 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-29 09:28 . 2007-12-29 09:31 185,139 --a------ C:\s1oc.5
2007-12-29 09:28 . 2007-12-29 09:31 6,520 --a------ C:\s1oc.1
2007-12-29 09:28 . 2007-12-29 09:31 4,079 --a------ C:\s1oc.4
2007-12-29 09:28 . 2007-12-29 09:31 2,626 --a------ C:\s1oc.8
2007-12-29 09:28 . 2007-12-29 09:31 2,585 --a------ C:\s1oc.3
2007-12-29 09:28 . 2007-12-29 09:31 2,575 --a------ C:\s1oc.2
2007-12-29 09:28 . 2007-12-29 09:31 1,993 --a------ C:\s1oc.7
2007-12-29 09:28 . 2007-12-29 09:31 1,797 --a------ C:\s1oc
2007-12-29 09:28 . 2007-12-29 09:31 1,671 --a------ C:\s1oc.6
2007-12-27 19:39 . 2007-12-27 19:39 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-27 19:34 . 2007-12-27 19:46 2,579 --a------ C:\s3sk.2
2007-12-27 19:23 . 2007-12-27 19:46 8,849 --a------ C:\s3sk
2007-12-27 19:23 . 2007-12-27 19:46 3,117 --a------ C:\s3sk.1
2007-12-27 18:43 . 2007-12-27 18:43 <DIR> d-------- C:\WINDOWS\RegistryCleaner
2007-12-27 17:49 . 2007-12-27 17:49 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\System Tweaker
2007-12-27 15:31 . 2007-12-29 17:20 <DIR> d-------- C:\Program Files\Uniblue
2007-12-27 15:31 . 2007-12-27 15:31 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\Uniblue
2007-12-27 15:31 . 2007-12-27 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-27 14:17 . 2007-12-27 18:24 199,167 --a------ C:\sfg.1
2007-12-27 14:17 . 2007-12-27 18:24 2,551 --a------ C:\sfg
2007-12-27 03:34 . 2007-12-27 10:31 79,933 --a------ C:\s2ik.j
2007-12-27 03:34 . 2007-12-27 10:31 14,505 --a------ C:\s2ik.d
2007-12-27 03:34 . 2007-12-27 10:31 2,834 --a------ C:\s2ik.g
2007-12-27 03:34 . 2007-12-27 10:31 2,714 --a------ C:\s2ik.h
2007-12-27 03:34 . 2007-12-27 10:31 2,636 --a------ C:\s2ik.e
2007-12-27 03:34 . 2007-12-27 10:31 2,636 --a------ C:\s2ik.c
2007-12-27 03:34 . 2007-12-27 10:31 2,632 --a------ C:\s2ik.i
2007-12-27 03:34 . 2007-12-27 10:31 1,997 --a------ C:\s2ik.f
2007-12-23 17:41 . 2007-12-23 18:04 464,343 --a------ C:\smo.3
2007-12-23 17:41 . 2007-12-23 18:04 2,929 --a------ C:\smo
2007-12-23 17:41 . 2007-12-23 18:04 2,572 --a------ C:\smo.1
2007-12-23 17:41 . 2007-12-23 18:04 2,038 --a------ C:\smo.2
2007-12-22 17:44 . 2007-12-22 18:12 1,802,068 --a------ C:\sn4.2
2007-12-22 17:44 . 2007-12-22 18:12 14,204 --a------ C:\sn4
2007-12-22 17:44 . 2007-12-22 18:12 2,659 --a------ C:\sn4.1
2007-12-19 21:32 . 2007-12-27 10:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-19 21:32 . 2007-12-19 21:32 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\PC Tools
2007-12-19 21:32 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-19 21:32 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-19 21:32 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-19 21:32 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-19 20:38 . 2007-12-19 21:22 89,906 --a------ C:\s1dc.4
2007-12-19 20:34 . 2007-12-29 16:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 16:37 . 2007-12-19 16:42 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-19 16:14 . 2007-12-19 16:14 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-19 15:33 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 12:51 . 2007-12-19 12:51 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-19 12:50 . 2007-12-19 13:00 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-19 12:50 . 2007-12-19 13:00 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-19 12:50 . 2007-12-19 13:00 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-19 12:50 . 2007-12-19 13:00 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-19 10:58 . 2007-12-19 10:58 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\Tenebril
2007-12-19 10:48 . 2007-12-19 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-12-19 10:45 . 2007-12-19 10:45 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-12-19 10:45 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-12-19 10:22 . 2007-12-19 10:57 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2007-12-19 08:55 . 2007-12-19 09:21 11,624 --a------ C:\s31o.8
2007-12-19 08:55 . 2007-12-19 09:21 4,954 --a------ C:\s31o.7
2007-12-19 08:55 . 2007-12-19 09:21 2,453 --a------ C:\s31o.9
2007-12-18 17:07 . 2007-12-19 08:38 14,581 --a------ C:\so4.1
2007-12-18 17:07 . 2007-12-19 08:38 11,908 --a------ C:\so4
2007-12-18 17:07 . 2007-12-19 08:38 1,387 --a------ C:\so4.2
2007-12-18 07:43 . 2007-12-18 07:45 61,202 --a------ C:\s26o.2
2007-12-18 07:43 . 2007-12-18 07:45 13,611 --a------ C:\s26o.3
2007-12-18 07:43 . 2007-12-18 07:45 2,665 --a------ C:\s26o.5
2007-12-18 07:43 . 2007-12-18 07:45 2,626 --a------ C:\s26o.4
2007-12-17 19:01 . 2007-12-18 07:45 47,673 --a------ C:\s26o.1
2007-12-17 19:01 . 2007-12-18 07:45 5,124 --a------ C:\s26o
2007-12-17 06:56 . 2007-12-17 07:58 368,906 --a------ C:\sbg
2007-12-17 06:56 . 2007-12-17 07:58 2,532 --a------ C:\sbg.1
2007-12-16 15:43 . 2007-12-16 21:53 3,734 --a------ C:\s39c.k
2007-12-16 15:43 . 2007-12-16 21:53 2,729 --a------ C:\s39c.l
2007-12-16 08:45 . 2007-12-16 21:53 115,010 --a------ C:\s39c.i
2007-12-16 08:45 . 2007-12-16 21:53 60,863 --a------ C:\s39c.h
2007-12-16 08:45 . 2007-12-16 21:53 3,196 --a------ C:\s39c.g
2007-12-16 08:45 . 2007-12-16 21:53 2,692 --a------ C:\s39c.j

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 16:40 --------- d-----w C:\Program Files\Viewpoint
2008-01-01 16:40 --------- d-----w C:\Program Files\AIM6
2008-01-01 16:40 --------- d-----w C:\Documents and Settings\Casey Costello\Application Data\Viewpoint
2008-01-01 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-01 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-30 02:06 --------- d-----w C:\Program Files\Google
2007-12-30 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-30 01:37 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-12-29 21:59 --------- d-----w C:\Program Files\Punch! 5 in 1
2007-12-27 08:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-20 11:56 --------- d-----w C:\Program Files\Yahoo!
2007-12-20 03:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 02:55 --------- d-----w C:\Program Files\Common Files\Real
2007-12-19 18:03 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-19 18:00 --------- d-----w C:\Program Files\Symantec
2007-12-19 17:59 --------- d-----w C:\Documents and Settings\Casey Costello\Application Data\Yahoo!
2007-12-19 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 16:31 --------- d-----w C:\Program Files\AWS
2007-12-19 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-17 01:48 --------- d-----w C:\Documents and Settings\Casey Costello\Application Data\AdobeUM
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-28 00:50 --------- d-----w C:\Program Files\iTunes
2007-11-28 00:50 --------- d-----w C:\Program Files\iPod
2007-11-28 00:30 --------- d-----w C:\Program Files\QuickTime
2007-11-28 00:27 --------- d-----w C:\Program Files\Apple Software Update
2007-11-28 00:25 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-28 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-18 11:24 7,028,144 ----a-w C:\Documents and Settings\Casey Costello\medic6.exe
2006-05-29 15:40 24,192 ----a-w C:\Documents and Settings\Casey Costello\usbsermptxp.sys
2006-05-29 15:40 22,768 ----a-w C:\Documents and Settings\Casey Costello\usbsermpt.sys
2005-01-10 03:38 184,808 ----a-w C:\Documents and Settings\Casey Costello\Application Data\shb.dat
2004-06-02 22:56 32 --sha-w C:\WINDOWS\{04BA7690-7AED-4E2D-A830-82D0143E5C73}.dat
2004-12-15 12:15 56 --sh--r C:\WINDOWS\system32\0D93706C9A.sys
2004-12-27 01:31 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-06-02 22:56 32 --sha-w C:\WINDOWS\system32\{8318FDD1-6A65-4069-9DA2-CBB6F145CF10}.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-19 12:52 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tgcmd"="" []
"spc_w"="C:\Program Files\NZSearch\nzspc.exe" [2004-11-09 03:29 286786]
"IBM RecordNow!"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 21:03 532480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:56 380416 C:\WINDOWS\system32\irprops.cpl]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 17:50 98304]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-07-10 06:25 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-07-10 06:13 114688]
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-17 16:27 32768]
"ibmmessages"="c:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 21:03 532480]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-12-10 12:57 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 11:33 23040]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 17:34 213936]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-03-20 17:34 86960]
"Net-It Launcher"="C:\WINDOWS\system32\NILaunch.exe" [1998-02-05 14:16 24576]
"HostManager"="C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 21:55 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 11:33 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Casey Costello\Start Menu\Programs\Startup\
GoZone iSync.lnk - C:\Program Files\GoZone\GoZone_iSync.exe [2007-05-05 14:46:52]
Natural Desktop.lnk - C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe [2006-03-11 20:35:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Snsicon.lnk - C:\Program Files\Second Nature\Snsicon.exe [2005-01-06 08:51:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LockTaskbar"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Casey Costello\My Documents\My Pictures\jax\2006_0126Image0037.JPG
FriendlyName=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-04 00:58]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 DCamUSBVeo532;Veo Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 17:30]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 17:56:39 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Casey Costello.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2007-12-30 01:55:13 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
"2008-01-01 16:46:28 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-30 01:09:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-28 17:01:39 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 11:58:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 12:00:23
C:\qoobox\ComboFix-quarantined-files.txt  2008-01-01 16:59:57
.
2007-12-19 15:05:30 --- E O F ---
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Adware/Trojan Virus Infection
« Reply #3 on: January 01, 2008, 02:12:19 PM »
Can you do the following

I see many files that look all about the same, but I find no reference of them
As eg...
C:\sfc.8
C:\sfc.9
C:\sfc.5
C:\s31o.8
C:\s31o.7
C:\s31o.9
C:\so4.1
C:\so4
C:\so4.2

go to this link

http://www.virustotal.com/flash/index_en.html
Copy and paste a few of those files, one at a time to the Upload a File
As eg.. copy>>paste this
C:\sfc.5

Then use the SEND FILE button
Let it finish scanning
Could you post back the results this scan back here please
Do that to a few of those files
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline caisig

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Adware/Trojan Virus Infection
« Reply #4 on: January 03, 2008, 08:38:18 PM »
Here are the results.  All files were clean....



File sfc.8 received on 01.04.2008 01:47:19 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)
File sfc.5 received on 01.04.2008 01:53:59 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)
File s31o.8 received on 01.04.2008 02:09:49 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)
File so4.1 received on 01.04.2008 02:04:56 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)
File so4.2 received on 01.04.2008 02:15:39 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)
File so4 received on 01.04.2008 02:23:00 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 0/32 (0%)
I am including a screen print of the items in quarantine on my PC as an attachment in case this helps.
 
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Adware/Trojan Virus Infection
« Reply #5 on: January 03, 2008, 08:54:28 PM »
Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
In safe mode

Enter Add/remove programs, IF XP Antivirus is listed
Uninstall it
Remain in safe mode

Open the SmitfraudFix folder again and double-click smitfraudfix.cmd

=============================================================
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't
Boot to Normal Windows
I'll need to see the log it generates later, by default it is located at
C:\rapport.txt
=============================================================

Back in Windows

1. Post the log from Smitfraudfix
2. Post a fresh hijackthis log
3. supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline caisig

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Adware/Trojan Virus Infection
« Reply #6 on: January 04, 2008, 07:59:18 AM »
Here you are...

(1)
SmitFraudFix v2.274

Scan done at  7:25:56.51, Fri 01/04/2008
Run from C:\Documents and Settings\Casey Costello\My Documents\My Download Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\logo.gif Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{204FAC33-4A43-4C83-884C-8E78B107C8B5}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{204FAC33-4A43-4C83-884C-8E78B107C8B5}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{204FAC33-4A43-4C83-884C-8E78B107C8B5}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

(2)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:32 AM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] c:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
O4 - Startup: Natural Desktop.lnk = C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/26f4efcf556a85...ne_Inst_Win.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://emeetings.humana.com/sametime/STMee...STJNILoader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141779362156
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://D:\games\WebDriverFullInstall.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - Sprint Spectrum, L.L.C - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13378 bytes

(3)
1999 World Book
Access IBM
Access IBM Cleanup Utility
Access IBM Message Center
Access IBM Tools
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 8.1.1
Adobe SVG Viewer 3.0
AIM 6
AOL Uninstaller (Choose which Products to Remove)
AppCore
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
BitTornado 0.3.7
Business Contact Manager for Outlook 2003
ccCommon
CleanUp!
Component Framework
Excel QM 2
Family Tree Maker 2005
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Google Earth
Google Photos Screensaver
GoZone iSync
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IBM 32-bit Runtime Environment for Java 2, v1.4.0
IBM DLA
IBM RecordNow!
IBM Themes
IBM Update Connector
ImageMixer VCD2 for FinePix
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_04
Java Web Start
Java(tm) 6 Update 2
Java(tm) 6 Update 3
Java(tm) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LET IT SNOW Screensaver
Lexmark Z600 Series
Life Goals
LivePix
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lotus SmartSuite Release 9
McFunSoft Video Solution Trial Version (English) 7.9.0.4
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Motorola Phone Tools
Mouse Suite
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MUSTEK 1200 UB v2.1
Natural Desktop
Netflix Movie Viewer
NetZero
NetZero Connection Wizard
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Protection Center
Norton Security Scan
ParetoLogic Privacy Controls
PC-Doctor for Windows
PhoneTools
Plato DVD Creator 3.47
Punch! 5 in 1 Home Design
QM for Windows (Version 2)
QuickTime
RealPlayer
RegCure 1.3.0.2
Rhapsody Player Engine
Rio Internet Update
Rio Music Manager
Road Runner Medic 6.0.0.6
RoadRunner
SAMSUNG CDMA Modem Driver Set
Samsung USB Driver (MCCI 4.16)
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Second Nature - A Place in Time by Robert Hayes
Second Nature - Celtic Visions
Second Nature - Sunrise - Sunset
Second Nature - The Emerald Isle by Richard Cummins
Second Nature Screen Saver Update
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Series 66 Databank
Series 7 Databank
Sonic Update Manager
SoundMAX
SPBBC 32bit
Sprint PCS Connection Manager
Spyware Doctor 5.1
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
SymNet
TextBridge Pro 8.0
The Crystal Key v11
ThinkCentre Wallpaper
U.S. Robotics Instant Update
U.S. Robotics Internet Call Notification
U.S. Robotics V.92 PCI Faxmodem
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Veo Digital Studio
Veo Stingray
Viewpoint Media Player
Wall Street Trader 2000
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Address AutoComplete
Yahoo! Internet Mail
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Adware/Trojan Virus Infection
« Reply #7 on: January 04, 2008, 11:44:37 AM »
You should uninstall the following older versions of Sun Java
With your browser windows closed, access add/remove programs and remove the following

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_04
Javaâ„¢ 6 Update 2

Javaâ„¢ SE Runtime Environment 6 Update 1

Don't reboot yet
Remove the following also
Viewpoint Media Player

Do a "System scan only" with Hijackthis and put a check next to these entries:

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://D:\games\WebDriverFullInstall.exe


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Then reboot your computer

I can't find no info on those files you scanned
They came back clean, but I'm unsure what they're related too
The closest I could find is adware adrotate
Which would make sense considering the effects your computer has had

Can you delete your copy of combofix.exe on desktop
Redownload it from the link I gave you then run it again and post it's log

Also post a fresh hijackthis log
Keep me informed how things are running please
« Last Edit: January 04, 2008, 11:47:51 AM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline caisig

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Adware/Trojan Virus Infection
« Reply #8 on: January 05, 2008, 07:16:03 AM »
Hi.  My PC seems to be running okay, but is still infected.  My background is fine, I am not getting any virtual memory messages, and computer response time is good, so there have been quite a few big improvements.  When I restarted after running the Hijakthis fix for the items you mentioned, my spyware told me that it found 6 infections on startup - 4 tracking cookies and some registry values.

(1)
ComboFix 08-01-05.7 - Casey Costello 2008-01-05  6:45:53.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.807 [GMT -5:00]
Running from: C:\Documents and Settings\Casey Costello\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-12-05 to 2008-01-05  )))))))))))))))))))))))))))))))
.

2008-01-05 06:40 . 2008-01-05 06:40 103,302 --a------ C:\sr0
2008-01-05 06:40 . 2008-01-05 06:40 3,308 --a------ C:\sr0.1
2008-01-05 06:40 . 2008-01-05 06:40 2,503 --a------ C:\sr0.2
2008-01-04 06:20 . 2008-01-04 07:12 2,664 --a------ C:\s3v4.2
2008-01-03 19:29 . 2008-01-04 07:12 5,875,019 --a------ C:\s3v4
2008-01-03 19:29 . 2008-01-04 07:12 3,518 --a------ C:\s3v4.1
2008-01-03 06:50 . 2008-01-03 07:03 2,746 --a------ C:\s114
2008-01-02 18:56 . 2008-01-02 18:59 115,299 --a------ C:\s2kc.2
2008-01-02 18:56 . 2008-01-02 18:59 88,255 --a------ C:\s2kc.1
2008-01-02 18:56 . 2008-01-02 18:59 15,912 --a------ C:\s2kc.3
2008-01-02 18:56 . 2008-01-02 18:59 4,781 --a------ C:\s2kc
2008-01-01 13:00 . 2008-01-01 14:24 1,117,957 --a------ C:\smg.1
2008-01-01 13:00 . 2008-01-01 14:24 74,696 --a------ C:\smg.2
2008-01-01 13:00 . 2008-01-01 14:24 3,528 --a------ C:\smg
2008-01-01 12:42 . 2008-01-04 07:26 4,996 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-01 11:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 09:05 . 2008-01-01 11:43 2,587 --a------ C:\sfc.a
2007-12-31 18:00 . 2008-01-01 11:43 11,414 --a------ C:\sfc.6
2007-12-31 18:00 . 2008-01-01 11:43 3,299 --a------ C:\sfc.7
2007-12-31 18:00 . 2008-01-01 11:43 3,109 --a------ C:\sfc.8
2007-12-31 18:00 . 2008-01-01 11:43 2,738 --a------ C:\sfc.9
2007-12-31 18:00 . 2008-01-01 11:43 2,515 --a------ C:\sfc.5
2007-12-30 10:55 . 2008-01-01 11:43 12,965 --a------ C:\sfc.1
2007-12-30 10:55 . 2008-01-01 11:43 7,112 --a------ C:\sfc.3
2007-12-30 10:55 . 2008-01-01 11:43 2,679 --a------ C:\sfc.2
2007-12-30 10:55 . 2008-01-01 11:43 1,834 --a------ C:\sfc.4
2007-12-29 21:30 . 2007-12-29 21:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-29 21:26 . 2007-12-29 22:04 3,605 --a------ C:\sqc.5
2007-12-29 21:26 . 2007-12-29 22:04 2,883 --a------ C:\sqc.6
2007-12-29 20:55 . 2007-12-29 20:55 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:54 <DIR> d-------- C:\Program Files\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:54 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2007-12-29 20:54 . 2007-12-29 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-12-29 20:09 . 2007-12-29 21:02 <DIR> d-------- C:\Program Files\RegCure
2007-12-29 17:06 . 2007-12-29 17:06 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\Grisoft
2007-12-29 17:05 . 2007-12-29 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-29 17:05 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-29 09:28 . 2007-12-29 09:31 185,139 --a------ C:\s1oc.5
2007-12-29 09:28 . 2007-12-29 09:31 6,520 --a------ C:\s1oc.1
2007-12-29 09:28 . 2007-12-29 09:31 4,079 --a------ C:\s1oc.4
2007-12-29 09:28 . 2007-12-29 09:31 2,626 --a------ C:\s1oc.8
2007-12-29 09:28 . 2007-12-29 09:31 2,585 --a------ C:\s1oc.3
2007-12-29 09:28 . 2007-12-29 09:31 2,575 --a------ C:\s1oc.2
2007-12-29 09:28 . 2007-12-29 09:31 1,993 --a------ C:\s1oc.7
2007-12-29 09:28 . 2007-12-29 09:31 1,797 --a------ C:\s1oc
2007-12-29 09:28 . 2007-12-29 09:31 1,671 --a------ C:\s1oc.6
2007-12-27 19:39 . 2007-12-27 19:39 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-27 19:34 . 2007-12-27 19:46 2,579 --a------ C:\s3sk.2
2007-12-27 19:23 . 2007-12-27 19:46 8,849 --a------ C:\s3sk
2007-12-27 19:23 . 2007-12-27 19:46 3,117 --a------ C:\s3sk.1
2007-12-27 18:43 . 2007-12-27 18:43 <DIR> d-------- C:\WINDOWS\RegistryCleaner
2007-12-27 17:49 . 2007-12-27 17:49 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\System Tweaker
2007-12-27 15:31 . 2007-12-29 17:20 <DIR> d-------- C:\Program Files\Uniblue
2007-12-27 15:31 . 2007-12-27 15:31 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\Uniblue
2007-12-27 15:31 . 2007-12-27 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-12-27 14:17 . 2007-12-27 18:24 199,167 --a------ C:\sfg.1
2007-12-27 14:17 . 2007-12-27 18:24 2,551 --a------ C:\sfg
2007-12-27 03:34 . 2007-12-27 10:31 79,933 --a------ C:\s2ik.j
2007-12-27 03:34 . 2007-12-27 10:31 14,505 --a------ C:\s2ik.d
2007-12-27 03:34 . 2007-12-27 10:31 2,834 --a------ C:\s2ik.g
2007-12-27 03:34 . 2007-12-27 10:31 2,714 --a------ C:\s2ik.h
2007-12-27 03:34 . 2007-12-27 10:31 2,636 --a------ C:\s2ik.e
2007-12-27 03:34 . 2007-12-27 10:31 2,636 --a------ C:\s2ik.c
2007-12-27 03:34 . 2007-12-27 10:31 2,632 --a------ C:\s2ik.i
2007-12-27 03:34 . 2007-12-27 10:31 1,997 --a------ C:\s2ik.f
2007-12-23 17:41 . 2007-12-23 18:04 464,343 --a------ C:\smo.3
2007-12-23 17:41 . 2007-12-23 18:04 2,929 --a------ C:\smo
2007-12-23 17:41 . 2007-12-23 18:04 2,572 --a------ C:\smo.1
2007-12-23 17:41 . 2007-12-23 18:04 2,038 --a------ C:\smo.2
2007-12-22 17:44 . 2007-12-22 18:12 1,802,068 --a------ C:\sn4.2
2007-12-22 17:44 . 2007-12-22 18:12 14,204 --a------ C:\sn4
2007-12-22 17:44 . 2007-12-22 18:12 2,659 --a------ C:\sn4.1
2007-12-19 21:32 . 2008-01-04 07:46 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-19 21:32 . 2007-12-19 21:32 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\PC Tools
2007-12-19 21:32 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-19 21:32 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-19 21:32 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-19 21:32 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-19 20:38 . 2007-12-19 21:22 89,906 --a------ C:\s1dc.4
2007-12-19 20:34 . 2008-01-05 06:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 16:37 . 2007-12-19 16:42 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-19 16:14 . 2007-12-19 16:14 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-12-19 15:33 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-19 12:51 . 2007-12-19 12:51 <DIR> d-------- C:\Program Files\Windows Sidebar
2007-12-19 12:50 . 2007-12-19 13:00 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-19 12:50 . 2007-12-19 13:00 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-19 12:50 . 2007-12-19 13:00 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-19 12:50 . 2007-12-19 13:00 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-19 10:58 . 2007-12-19 10:58 <DIR> d-------- C:\Documents and Settings\Casey Costello\Application Data\Tenebril
2007-12-19 10:48 . 2007-12-19 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-12-19 10:45 . 2007-12-19 10:45 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-12-19 10:45 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-12-19 10:22 . 2007-12-19 10:57 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2007-12-19 08:55 . 2007-12-19 09:21 11,624 --a------ C:\s31o.8
2007-12-19 08:55 . 2007-12-19 09:21 4,954 --a------ C:\s31o.7
2007-12-19 08:55 . 2007-12-19 09:21 2,453 --a------ C:\s31o.9
2007-12-18 17:07 . 2007-12-19 08:38 14,581 --a------ C:\so4.1
2007-12-18 17:07 . 2007-12-19 08:38 11,908 --a------ C:\so4

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 11:30 --------- d-----w C:\Documents and Settings\Casey Costello\Application Data\Viewpoint
2008-01-05 11:26 --------- d-----w C:\Program Files\Java
2008-01-04 11:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-01 16:40 --------- d-----w C:\Program Files\AIM6
2008-01-01 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-01 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-30 02:06 --------- d-----w C:\Program Files\Google
2007-12-30 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-30 01:37 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-12-29 21:59 --------- d-----w C:\Program Files\Punch! 5 in 1
2007-12-20 11:56 --------- d-----w C:\Program Files\Yahoo!
2007-12-20 03:00 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 02:55 --------- d-----w C:\Program Files\Common Files\Real
2007-12-19 18:03 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-19 18:00 --------- d-----w C:\Program Files\Symantec
2007-12-19 17:59 --------- d-----w C:\Documents and Settings\Casey Costello\Application Data\Yahoo!
2007-12-19 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 16:31 --------- d-----w C:\Program Files\AWS
2007-12-19 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-17 01:48 --------- d-----w C:\Documents and Settings\Casey Costello\Application Data\AdobeUM
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-28 00:50 --------- d-----w C:\Program Files\iTunes
2007-11-28 00:50 --------- d-----w C:\Program Files\iPod
2007-11-28 00:30 --------- d-----w C:\Program Files\QuickTime
2007-11-28 00:27 --------- d-----w C:\Program Files\Apple Software Update
2007-11-28 00:25 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-28 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-18 11:24 7,028,144 ----a-w C:\Documents and Settings\Casey Costello\medic6.exe
2006-05-29 15:40 24,192 ----a-w C:\Documents and Settings\Casey Costello\usbsermptxp.sys
2006-05-29 15:40 22,768 ----a-w C:\Documents and Settings\Casey Costello\usbsermpt.sys
2005-01-10 03:38 184,808 ----a-w C:\Documents and Settings\Casey Costello\Application Data\shb.dat
2004-06-02 22:56 32 --sha-w C:\WINDOWS\{04BA7690-7AED-4E2D-A830-82D0143E5C73}.dat
2004-12-15 12:15 56 --sh--r C:\WINDOWS\system32\0D93706C9A.sys
2004-12-27 01:31 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-06-02 22:56 32 --sha-w C:\WINDOWS\system32\{8318FDD1-6A65-4069-9DA2-CBB6F145CF10}.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-01-01_11.59.08.65   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 11:37:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b34.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-19 12:52 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tgcmd"="" []
"spc_w"="C:\Program Files\NZSearch\nzspc.exe" [2004-11-09 03:29 286786]
"IBM RecordNow!"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 21:03 532480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:56 380416 C:\WINDOWS\system32\irprops.cpl]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-11-08 17:50 98304]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-07-10 06:25 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-07-10 06:13 114688]
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-17 16:27 32768]
"ibmmessages"="c:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-09 21:03 532480]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-12-10 12:57 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 11:33 23040]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 17:34 213936]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 01:05 127035]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-03-20 17:34 86960]
"Net-It Launcher"="C:\WINDOWS\system32\NILaunch.exe" [1998-02-05 14:16 24576]
"HostManager"="C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 21:55 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 11:33 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Casey Costello\Start Menu\Programs\Startup\
GoZone iSync.lnk - C:\Program Files\GoZone\GoZone_iSync.exe [2007-05-05 14:46:52]
Natural Desktop.lnk - C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe [2006-03-11 20:35:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Snsicon.lnk - C:\Program Files\Second Nature\Snsicon.exe [2005-01-06 08:51:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LockTaskbar"= 0 (0x0)

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-04 00:58]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 DCamUSBVeo532;Veo Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 17:30]
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 17:56:39 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Casey Costello.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2007-12-30 01:55:13 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
"2008-01-05 11:39:17 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-30 01:09:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-01 17:00:00 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 06:54:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
.
Completion time: 2008-01-05  6:57:25
ComboFix-quarantined-files.txt  2008-01-05 11:57:11
ComboFix2.txt  2008-01-01 18:10:41
ComboFix3.txt  2008-01-01 17:00:25
.
2007-12-19 15:05:30 --- E O F ---  

(2)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:18 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NZSearch\nzspc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Second Nature\Snsicon.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] c:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144029693\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
O4 - Startup: Natural Desktop.lnk = C:\Program Files\Stardock\DesktopGadgets\NaturalDesktop\NaturalDesktop.exe
O4 - Global Startup: Snsicon.lnk = C:\Program Files\Second Nature\Snsicon.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://software-dl.real.com/26f4efcf556a85...ne_Inst_Win.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} (JNILoader Control) - http://emeetings.humana.com/sametime/STMee...STJNILoader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141779362156
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_04) -
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sprint PCS v3 Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sprint PCS Connection Manager\CMSPCSUtilSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - Sprint Spectrum, L.L.C - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12826 bytes
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Adware/Trojan Virus Infection
« Reply #9 on: January 05, 2008, 01:43:03 PM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_04) -


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Let's clear those files and put them in a safe place for now

Download [color=\"blue\"]OTMoveIt2.exe[/color] by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the entries below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    C:\sr0
    C:\sr0.1
    C:\sr0.2
    C:\s3v4.2
    C:\s3v4
    C:\s3v4.1
    C:\s114
    C:\s2kc.2
    C:\s2kc.1
    C:\s2kc.3
    C:\s2kc
    C:\smg.1
    C:\smg.2
    C:\smg
    C:\sfc.a
    C:\sfc.6
    C:\sfc.7
    C:\sfc.8
    C:\sfc.9
    C:\sfc.5
    C:\sfc.1
    C:\sfc.3
    C:\sfc.2
    C:\sfc.4
    C:\sqc.5
    C:\sqc.6
    C:\s1oc.5
    C:\s1oc.1
    C:\s1oc.4
    C:\s1oc.8
    C:\s1oc.3
    C:\s1oc.2
    C:\s1oc.7
    C:\s1oc
    C:\s1oc.6
    C:\s3sk.2
    C:\s3sk
    C:\s3sk.1
    C:\sfg.1
    C:\sfg
    C:\s2ik.j
    C:\s2ik.d
    C:\s2ik.g
    C:\s2ik.h
    C:\s2ik.e
    C:\s2ik.c
    C:\s2ik.i
    C:\s2ik.f
    C:\smo.3
    C:\smo
    C:\smo.1
    C:\smo.2
    C:\sn4.2
    C:\sn4
    C:\sn4.1
    C:\s1dc.4
    C:\s31o.8
    C:\s31o.7
    C:\s31o.9
    C:\so4.1
    C:\so4


    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
  • Click the red "[color=\"red\"]MoveIt![/color]" button.
  • Close OTMoveIt when it has completed.
[color=\"red\"]Note[/color]:  If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Can you post that log please

Also, navigate to your C:\ folder
Do you see any other files that look similiar to the ones we just removed?

Quote
4 tracking cookies and some registry values
Don't worry about the tracking cookies and reg. values
Is that what your referring to as still infected?
« Last Edit: January 05, 2008, 01:44:31 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »