Going around in a cirle

[Lordlaw64]

Hi guys. Would appreciate your help after my computer has become infected and er i tried to fix it myself

Had Smitfraud, Virtumonde and Zlob (even though I have norton!) Downloaded Search and destroy and it found things to fix but when I do they seem to return on reboot. Have a few malware removal pop ups avery few minutes or so.

Downloaded HijackThis and smitfraud fix. Although things seem to be better I don't think my machine is clean at all.

Any suggestions?

Many thanks

Danny

 

[__RiP_ChAiN_]

Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

[Lordlaw64]

Here's my HJK log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:55, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thomson\ST122g\SiSWLSvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\yfypuzqx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Thomson\ST122g\WlanCU.exe
C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: Shell=
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: qvdntlmw - {2D4651A7-58C8-4530-8787-88C8B6DC774E} - C:\WINDOWS\qvdntlmw.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gjsxffqb] C:\WINDOWS\system32\yfypuzqx.exe
O4 - HKCU\..\Run: [byozigxj] C:\WINDOWS\system32\dujopkrm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RC.exe.lnk = C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: MMAUSBCM.LNK = E:\USB Audio\Quattro\WINXP\MMAUSBCM.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161325146453
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3090C1B-7901-4913-8EB1-73487F735F7D}: NameServer = 192.168.11.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WinDrive - {d76ae28d-da07-4cec-809e-b205275ad830} - C:\WINDOWS\Installer\{d76ae28d-da07-4cec-809e-b205275ad830}\WinDrive.dll (file missing)
O21 - SSODL: dwnrpofk - {5D9977EA-E2CD-46C2-92C7-7D07C0084DBC} - C:\WINDOWS\dwnrpofk.dll (file missing)
O21 - SSODL: vbgtorfd - {24169CCC-FFEF-4156-95D6-D83DF3C038D9} - C:\WINDOWS\vbgtorfd.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: M-Audio Audiophile Installer (MAudioAudiophileService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\Thomson\ST122g\SiSWLSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 17891 bytes


Many thanks

 

[__RiP_ChAiN_]

Hello Lordlaw64,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

----------------------------------------------- Step 2

Please download ComboFix by sUBs from HERE.

• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

[Lordlaw64]

New CF log and HJT to follow

Thanks __RiP_ChAiN_. I actaully downloaded CF before I changed the HJT settings. I didn't run it though until when you instructed me to.

Here are my logs: HJT in seperate reply.

CF:

ComboFix 08-04-02.1 - Danny 2008-04-04 11:22:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.380 [GMT 1:00]
Running from: D:\Documents and Settings\Danny\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\Installer\{d76ae28d-da07-4cec-809e-b205275ad830}\WinDrive.dll
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\bcm43xx.cat
C:\WINDOWS\system32\driver\RNDISMP.sys
C:\WINDOWS\system32\driver\RNDISMPK.sys
C:\WINDOWS\system32\driver\usb8023.sys
C:\WINDOWS\system32\driver\usb8023k.sys
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
D:\Documents and Settings\A nother\Desktopblackbird.jpg
D:\Documents and Settings\A nother\DesktopEditorFKWP1.5.exe
D:\Documents and Settings\A nother\DesktopEditorFKWP2.0.exe
D:\Documents and Settings\A nother\Desktopfilemanagerclient.exe
D:\Documents and Settings\A nother\Desktopfkwp1.5.exe
D:\Documents and Settings\A nother\Desktopfkwp2.0.exe
D:\Documents and Settings\A nother\Desktopfwebd.exe
D:\Documents and Settings\A nother\DesktopFWebdEditor.exe
D:\Documents and Settings\A nother\DesktopTrojan.Win32.BlackBird.exe
D:\Documents and Settings\A nother\Desktopvirii
D:\Documents and Settings\Danny\Desktop\Error Cleaner.url
D:\Documents and Settings\Danny\Desktop\Privacy Protector.url
D:\Documents and Settings\Danny\Desktop\Spyware&Malware Protection.url
D:\Documents and Settings\Danny\Desktopblackbird.jpg
D:\Documents and Settings\Danny\DesktopEditorFKWP1.5.exe
D:\Documents and Settings\Danny\DesktopEditorFKWP2.0.exe
D:\Documents and Settings\Danny\Desktopfilemanagerclient.exe
D:\Documents and Settings\Danny\Desktopfkwp1.5.exe
D:\Documents and Settings\Danny\Desktopfkwp2.0.exe
D:\Documents and Settings\Danny\Desktopfwebd.exe
D:\Documents and Settings\Danny\DesktopFWebdEditor.exe
D:\Documents and Settings\Danny\DesktopTrojan.Win32.BlackBird.exe
D:\Documents and Settings\Danny\Desktopvirii
D:\Documents and Settings\Danny\Favorites\Error Cleaner.url
D:\Documents and Settings\Danny\Favorites\Privacy Protector.url
D:\Documents and Settings\Danny\Favorites\Spyware&Malware Protection.url

.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-03-30 13:14 . 2008-03-30 13:14 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-30 13:14 . 2008-03-30 13:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-28 18:17 . 2008-03-28 18:17 94,208 --a------ C:\WINDOWS\system32\azcfsjmf.exe
2008-03-28 18:17 . 2008-03-28 18:17 268 --ah----- C:\sqmdata01.sqm
2008-03-28 18:17 . 2008-03-28 18:17 244 --ah----- C:\sqmnoopt01.sqm
2008-03-28 16:47 . 2008-03-28 16:47 106,496 --a------ C:\WINDOWS\system32\edebcrcf.exe
2008-03-28 12:27 . 2008-03-28 12:27 98,304 --a------ C:\WINDOWS\system32\adatozkr.exe
2008-03-28 11:07 . 2008-03-28 11:07 <DIR> d-------- C:\VundoFix Backups
2008-03-28 10:15 . 2008-03-28 10:45 5,624 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-28 10:07 . 2008-03-28 10:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 01:29 . 2008-03-28 01:29 90,112 --a------ C:\WINDOWS\system32\dujopkrm.exe
2008-03-27 20:13 . 2008-03-27 20:13 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-26 18:42 . 2008-03-26 18:45 <DIR> d-------- C:\NSS
2008-03-26 18:19 . 2008-03-26 18:19 98,304 --a------ C:\WINDOWS\system32\yfypuzqx.exe
2008-03-26 12:44 . 2008-03-26 13:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 12:44 . 2008-03-26 12:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-26 09:34 . 2008-03-26 09:34 98,304 --a------ C:\WINDOWS\system32\gxwfuvsp.exe
2008-03-26 09:31 . 2008-03-26 09:31 268 --ah----- C:\sqmdata00.sqm
2008-03-26 09:31 . 2008-03-26 09:31 244 --ah----- C:\sqmnoopt00.sqm
2008-03-25 21:50 . 2006-04-20 13:49 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-03-25 16:53 . 2008-03-25 16:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\exctipab
2008-03-07 15:03 . 2008-03-07 15:03 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-03-07 15:03 . 2008-03-07 15:03 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-03-07 14:40 . 2008-03-07 14:40 13,035 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-03-07 14:40 . 2008-03-07 14:40 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-03-07 14:39 . 2008-03-07 14:39 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-03-07 14:39 . 2008-03-07 14:39 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-03-07 14:39 . 2008-03-07 14:39 39,984 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-03-07 14:39 . 2008-03-07 14:39 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-03-07 14:39 . 2008-03-07 14:39 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-03-07 14:39 . 2008-03-07 14:39 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-03-07 14:39 . 2008-03-07 14:39 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 10:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 09:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-04-03 23:46 --------- d-----w C:\Program Files\LogMeIn
2008-03-26 08:10 --------- d-----w C:\Program Files\M-Audio Audiophile USB
2008-03-26 07:56 --------- d-----w C:\Program Files\WinAce
2008-03-24 12:21 --------- d-----w C:\Program Files\Norton SystemWorks Premier
2008-03-20 22:40 --------- d-----w C:\Program Files\Java
2008-03-11 10:55 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-06 21:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 21:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 21:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-14 10:20 --------- d-----w C:\Program Files\ProjectPoint-2008
2008-02-04 17:26 --------- d-----w D:\Documents and Settings\Danny\Application Data\ProjectPoint-2008
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-07-21 11:14 0 ----a-w D:\Documents and Settings\Danny\Application Data\wklnhst.dat
2005-09-14 09:58 20,480 ----a-w C:\Program Files\Common Files\UninstallDrv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2D4651A7-58C8-4530-8787-88C8B6DC774E}"= "C:\WINDOWS\qvdntlmw.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{2d4651a7-58c8-4530-8787-88c8b6dc774e}]
[HKEY_CLASSES_ROOT\qvdntlmw.1]
[HKEY_CLASSES_ROOT\TypeLib\{990E5B1C-5E9A-4D82-8C75-30D770D0F339}]
[HKEY_CLASSES_ROOT\qvdntlmw]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"gjsxffqb"="C:\WINDOWS\system32\yfypuzqx.exe" [2008-03-26 18:19 98304]
"byozigxj"="C:\WINDOWS\system32\dujopkrm.exe" [2008-03-28 01:29 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 12:14 557056 C:\WINDOWS\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 16:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-20 13:49 26112]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 13:03 310272]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 14:11 143360]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-20 13:49 98304]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2006-10-30 15:34 3576512]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2006-03-16 10:54 99840]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"NSRKey"="C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"Norton Save and Restore"="C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 08:11 771704]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-17 11:18 1838592]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Premier\osCheck.exe" [2007-12-03 02:41 25472]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 17:21 169328]
"LWBMOUSE"="C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE" [2005-08-22 18:16 356352]
"LWBKEYBOARD"="C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe" [2005-08-22 18:19 392704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

D:\Documents and Settings\Danny\Start Menu\Programs\Startup\
RC.exe.lnk - C:\Program Files\DTV\DVB-T USB 2.0\RC.exe [2006-01-06 11:16:41 49152]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-14 12:09:23 113664]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-04 16:46:40 962667]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-05-05 12:33:19 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 19:03 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\apps\\skype\\phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-06 05:52]
R2 Basics Service;Basics Service;"C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 17:21]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R2 MAudioAudiophileService;M-Audio Audiophile Installer;C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe [2006-03-14 11:52]
R2 Norton Save and Restore;Norton Save and Restore;C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe [2007-03-26 15:45]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2007-08-02 16:38]
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys [2005-12-23 12:16]
S3 LMASFltr;LMASFltr;C:\WINDOWS\system32\drivers\LMASFltr.sys [2002-12-05 01:25]
S3 maavsusb;M-Audio USB Audiophile;C:\WINDOWS\system32\drivers\MA763003.sys []
S3 MADFU003;MADFU003;C:\WINDOWS\system32\DRIVERS\MADFU003.sys [2006-03-16 10:53]
S3 MAUSBAP;Service for M-Audio Audiophile (WDM);C:\WINDOWS\system32\DRIVERS\mausbap.sys [2006-03-16 10:55]
S3 MMAUSB;M Audio USB ASIO Driver;C:\WINDOWS\system32\Drivers\MMAUSB.SYS [2002-12-05 01:25]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 17:09]
S3 USBNP4X4;M-Audio Audiophile USB Midi;C:\WINDOWS\system32\drivers\usbnp4x4.sys [2006-03-16 10:53]
S3 WDM_Capture_220A;DVB-T TV Receiver;C:\WINDOWS\system32\Drivers\WDM_Capture_220A.sys [2004-09-06 21:40]
S3 WDM_Loader_220A;DVB-T TV Loader;C:\WINDOWS\system32\Drivers\WDM_Loader_220A.sys [2005-12-28 10:37]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 10:07:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-25 08:58:54 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Danny.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-24 12:21:21 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Premier\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 11:24:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-04 11:25:38
ComboFix-quarantined-files.txt 2008-04-04 10:25:29
Pre-Run: 5,728,780,288 bytes free
Post-Run: 5,953,912,832 bytes free
.
2008-03-20 17:39:55 --- E O F ---

HJT to follow. Thanks again

 

[Lordlaw64]

HJT log as promised

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:33, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thomson\ST122g\SiSWLSvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\yfypuzqx.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Thomson\ST122g\WlanCU.exe
C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: qvdntlmw - {2D4651A7-58C8-4530-8787-88C8B6DC774E} - C:\WINDOWS\qvdntlmw.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gjsxffqb] C:\WINDOWS\system32\yfypuzqx.exe
O4 - HKCU\..\Run: [byozigxj] C:\WINDOWS\system32\dujopkrm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RC.exe.lnk = C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: MMAUSBCM.LNK = E:\USB Audio\Quattro\WINXP\MMAUSBCM.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161325146453
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3090C1B-7901-4913-8EB1-73487F735F7D}: NameServer = 192.168.11.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WinDrive - {d76ae28d-da07-4cec-809e-b205275ad830} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: M-Audio Audiophile Installer (MAudioAudiophileService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\Thomson\ST122g\SiSWLSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 16965 bytes

 

[__RiP_ChAiN_]

Hello Lordlaw64,

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\azcfsjmf.exe
C:\WINDOWS\system32\edebcrcf.exe
C:\WINDOWS\system32\adatozkr.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\dujopkrm.exe
C:\WINDOWS\qvdntlmw.dll
Folder::
C:\Program Files\PC-Cleaner
C:\VundoFix Backups
DirLook::
C:\NSS
D:\Documents and Settings\All Users\Application Data\exctipab
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2D4651A7-58C8-4530-8787-88C8B6DC774E}"=-
[-HKEY_CLASSES_ROOT\clsid\{2d4651a7-58c8-4530-8787-88c8b6dc774e}]
[-HKEY_CLASSES_ROOT\qvdntlmw.1]
[-HKEY_CLASSES_ROOT\TypeLib\{990E5B1C-5E9A-4D82-8C75-30D770D0F339}]
[-HKEY_CLASSES_ROOT\qvdntlmw]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gjsxffqb"=-
"byozigxj"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

 

[Lordlaw64]

Combo Log as requested

ComboFix 08-04-02.1 - Danny 2008-04-06 23:21:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.284 [GMT 1:00]
Running from: D:\Documents and Settings\Danny\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Danny\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\qvdntlmw.dll
C:\WINDOWS\system32\adatozkr.exe
C:\WINDOWS\system32\azcfsjmf.exe
C:\WINDOWS\system32\dujopkrm.exe
C:\WINDOWS\system32\edebcrcf.exe
C:\WINDOWS\system32\tmp.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC-Cleaner
C:\VundoFix Backups
C:\WINDOWS\system32\adatozkr.exe
C:\WINDOWS\system32\azcfsjmf.exe
C:\WINDOWS\system32\dujopkrm.exe
C:\WINDOWS\system32\edebcrcf.exe
C:\WINDOWS\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-03-30 13:14 . 2008-03-30 13:14 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-30 13:14 . 2008-03-30 13:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-28 18:17 . 2008-03-28 18:17 268 --ah----- C:\sqmdata01.sqm
2008-03-28 18:17 . 2008-03-28 18:17 244 --ah----- C:\sqmnoopt01.sqm
2008-03-28 10:07 . 2008-03-28 10:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 18:42 . 2008-03-26 18:45 <DIR> d-------- C:\NSS
2008-03-26 18:19 . 2008-03-26 18:19 98,304 --a------ C:\WINDOWS\system32\yfypuzqx.exe
2008-03-26 12:44 . 2008-03-26 13:32 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 12:44 . 2008-03-26 12:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-26 09:34 . 2008-03-26 09:34 98,304 --a------ C:\WINDOWS\system32\gxwfuvsp.exe
2008-03-26 09:31 . 2008-03-26 09:31 268 --ah----- C:\sqmdata00.sqm
2008-03-26 09:31 . 2008-03-26 09:31 244 --ah----- C:\sqmnoopt00.sqm
2008-03-25 21:50 . 2006-04-20 13:49 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-03-25 16:53 . 2008-03-25 16:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\exctipab
2008-03-07 15:03 . 2008-03-07 15:03 625,032 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-03-07 15:03 . 2008-03-07 15:03 242,056 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-03-07 14:40 . 2008-03-07 14:40 13,035 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-03-07 14:40 . 2008-03-07 14:40 1,358 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-03-07 14:39 . 2008-03-07 14:39 191,536 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-03-07 14:39 . 2008-03-07 14:39 145,968 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-03-07 14:39 . 2008-03-07 14:39 39,984 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-03-07 14:39 . 2008-03-07 14:39 37,936 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-03-07 14:39 . 2008-03-07 14:39 35,120 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-03-07 14:39 . 2008-03-07 14:39 27,696 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-03-07 14:39 . 2008-03-07 14:39 12,848 --a------ C:\WINDOWS\system32\drivers\symdns.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 22:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-06 22:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 17:40 --------- d-----w C:\Program Files\LogMeIn
2008-03-26 08:10 --------- d-----w C:\Program Files\M-Audio Audiophile USB
2008-03-26 07:56 --------- d-----w C:\Program Files\WinAce
2008-03-24 12:21 --------- d-----w C:\Program Files\Norton SystemWorks Premier
2008-03-20 22:40 --------- d-----w C:\Program Files\Java
2008-03-11 10:55 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-06 21:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 21:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 21:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-14 10:20 --------- d-----w C:\Program Files\ProjectPoint-2008
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2006-07-21 11:14 0 ----a-w D:\Documents and Settings\Danny\Application Data\wklnhst.dat
2005-09-14 09:58 20,480 ----a-w C:\Program Files\Common Files\UninstallDrv.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\NSS ----

2008-03-15 03:50 45424 --a------ C:\NSS\SKURes.dll
2008-02-28 22:59 592240 --a------ C:\NSS\Nss.exe
2008-02-28 22:59 109424 --a------ C:\NSS\ScanRes.dll
2008-02-28 22:55 913240 --a------ C:\NSS\SAUpdt.dll
2008-02-28 22:55 626688 --a------ C:\NSS\msvcr80.dll
2008-02-28 22:55 548864 --a------ C:\NSS\msvcp80.dll
2008-02-28 22:55 26782 --a------ C:\NSS\help.hta
2008-02-28 22:55 266584 --a------ C:\NSS\ScanCore.dll
2008-02-28 22:55 1869 --a------ C:\NSS\Microsoft.VC80.CRT.manifest
2008-02-28 22:54 632184 --a------ C:\NSS\DefUtDCD.dll
2008-02-28 22:54 43176 --a------ C:\NSS\ecmldr32.dll
2008-02-28 22:54 39808 --a------ C:\NSS\patch25d.dll
2008-02-28 22:54 321152 --a------ C:\NSS\msl.dll
2008-02-28 22:54 1291616 --a------ C:\NSS\dec_abi.dll
2007-08-24 23:14 616808 --a------ C:\NSS\ccL70U.dll
2007-08-24 23:07 369512 --a------ C:\NSS\ccScanw.dll
2007-08-24 23:07 120680 --a------ C:\NSS\ccVrTrst.dll

---- Directory of D:\Documents and Settings\All Users\Application Data\exctipab ----

2008-03-25 16:53 35328 --a------ D:\Documents and Settings\All Users\Application Data\exctipab\arkjurav.exe


((((((((((((((((((((((((((((( snapshot@2008-04-04_11.25.16.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-04 07:16:46 63,304 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-04 14:12:07 63,304 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-04 07:16:46 404,276 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-04 14:12:07 404,276 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-04 14:08:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_744.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 09:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 12:14 557056 C:\WINDOWS\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 16:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-20 13:49 26112]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 13:03 310272]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 14:11 143360]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-20 13:49 98304]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2006-10-30 15:34 3576512]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2006-03-16 10:54 99840]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"NSRKey"="C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"Norton Save and Restore"="C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe" [2007-03-26 15:45 1582696]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 08:11 771704]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-17 11:18 1838592]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Premier\osCheck.exe" [2007-12-03 02:41 25472]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 17:21 169328]
"LWBMOUSE"="C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE" [2005-08-22 18:16 356352]
"LWBKEYBOARD"="C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe" [2005-08-22 18:19 392704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

D:\Documents and Settings\Danny\Start Menu\Programs\Startup\
RC.exe.lnk - C:\Program Files\DTV\DVB-T USB 2.0\RC.exe [2006-01-06 11:16:41 49152]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-14 12:09:23 113664]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-05-04 16:46:40 962667]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-05-05 12:33:19 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 19:03 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\apps\\skype\\phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-06 05:52]
R2 Basics Service;Basics Service;"C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 17:21]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R2 MAudioAudiophileService;M-Audio Audiophile Installer;C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe [2006-03-14 11:52]
R2 Norton Save and Restore;Norton Save and Restore;C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe [2007-03-26 15:45]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2007-08-02 16:38]
R3 SISNPF;SIS Netgroup Packet Filter;C:\WINDOWS\system32\drivers\SISNPF.sys [2005-12-23 12:16]
S3 LMASFltr;LMASFltr;C:\WINDOWS\system32\drivers\LMASFltr.sys [2002-12-05 01:25]
S3 maavsusb;M-Audio USB Audiophile;C:\WINDOWS\system32\drivers\MA763003.sys []
S3 MADFU003;MADFU003;C:\WINDOWS\system32\DRIVERS\MADFU003.sys [2006-03-16 10:53]
S3 MAUSBAP;Service for M-Audio Audiophile (WDM);C:\WINDOWS\system32\DRIVERS\mausbap.sys [2006-03-16 10:55]
S3 MMAUSB;M Audio USB ASIO Driver;C:\WINDOWS\system32\Drivers\MMAUSB.SYS [2002-12-05 01:25]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 17:09]
S3 USBNP4X4;M-Audio Audiophile USB Midi;C:\WINDOWS\system32\drivers\usbnp4x4.sys [2006-03-16 10:53]
S3 WDM_Capture_220A;DVB-T TV Receiver;C:\WINDOWS\system32\Drivers\WDM_Capture_220A.sys [2004-09-06 21:40]
S3 WDM_Loader_220A;DVB-T TV Loader;C:\WINDOWS\system32\Drivers\WDM_Loader_220A.sys [2005-12-28 10:37]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 22:07:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-25 08:58:54 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Danny.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-24 12:21:21 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Premier\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 23:25:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 23:26:51
ComboFix-quarantined-files.txt 2008-04-06 22:26:47
ComboFix2.txt 2008-04-04 10:25:39
Pre-Run: 5,594,984,448 bytes free
Post-Run: 5,779,144,704 bytes free
.
2008-03-20 17:39:55 --- E O F ---

HJT to follow next. Many thanks

 

[Lordlaw64]

HJK Log as promised

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:01, on 2008-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thomson\ST122g\SiSWLSvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Thomson\ST122g\WlanCU.exe
C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: qvdntlmw - {2D4651A7-58C8-4530-8787-88C8B6DC774E} - C:\WINDOWS\qvdntlmw.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NSRKey] C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\PROGRA~1\NORTON~3\NSR\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Belkin\Belkin keypad driver\KbdAp32A.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RC.exe.lnk = C:\Program Files\DTV\DVB-T USB 2.0\RC.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: MMAUSBCM.LNK = E:\USB Audio\Quattro\WINXP\MMAUSBCM.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161325146453
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3090C1B-7901-4913-8EB1-73487F735F7D}: NameServer = 192.168.11.1
O21 - SSODL: WinDrive - {d76ae28d-da07-4cec-809e-b205275ad830} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: M-Audio Audiophile Installer (MAudioAudiophileService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Audiophile USB\MAUSBAPInst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\PROGRA~1\NORTON~3\NSR\Agent\VProSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\Thomson\ST122g\SiSWLSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 17215 bytes

Many thanks Lordlaw64

 

[Lordlaw64]

note

Hi __RiP_ChAiN_ just thought I would mention. When Combofix ran and produced the log All my icons disappeared after I saved it. Had to cold boot. I presume it was normal and correct to allow the changes that S&D highlighted and asked for an answer? And finally Norton security in my browser says it's not safe as Auto protect is off

 

[Lordlaw64]

Update

Hi just rebooted a couple of times and things seem to be running ok so far. Sorted the Norton thing.

lordlaw64

 

[__RiP_ChAiN_]

Hello Lordlaw64,

Using Windows Explorer delete the following folder (if present): (To get into Windows Explorer, right click the START button and select "explore.")

D:\Documents and Settings\All Users\Application Data\exctipab

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  • C:\NSS\Nss.exe
• Click on the submit button
  
• Please post the results in your next reply.

 

[__RiP_ChAiN_]

Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me a private message (pm). A valid, working link to the closed topic is required.