  1. #1
    Member
    Join Date
    Dec 2007
    Posts
    3
    Points
    0

    win32.linkreplacer - Trojan

    Kindly followed all of your advice on the help two go pages. Updated AVG and Windows, cleared temp folders and ran Spybot, Ad-Aware, Ad-Watch, everything. It's a tough one. I would really appreciate some more help! This IE Defender popped up in Spybot but it would not let me clear it. Thanks! Here is my last log.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:46:12 PM, on 12/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rr.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Video - {80590BC5-F4BA-4AD1-B216-C19EE86E2A77} - C:\WINDOWS\msvideo.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
    O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159066397421
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/a...ploader_v6.cab
    O23 - Service: McAfee Application Installer Cleanup (0017151197531229) (0017151197531229mcinstcleanup) - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\001715~1.EXE (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 12003 bytes

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    Hi

    Disconnect from the internet. Close ALL browser windows (including this one) - run HijackThis and tick to fix (check the box next to) the list below... when all are ticked (checked) click the Fix Checked button at the bottom. :-

    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: Video - {80590BC5-F4BA-4AD1-B216-C19EE86E2A77} - C:\WINDOWS\msvideo.dll


    REBOOT...

    Find and delete :- C:\WINDOWS\msvideo.dll

    THEN ...

    Download Superantispyware.

    http://www.superantispyware.com/

    Once downloaded and installed update the definitions
    and then run a full system scan quarantine what it finds!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

    THEN ...

    Please download Combofix: http://download.bleepingcomputer.com...a/ComboFix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Notes:
    * Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
    * Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

    Please remember to post :-


    1. SUPERAntiSpyware Scan Log
    2. C:\ComboFix.txt
    3. a new hijackthis log.( run after everything else)

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
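To show what the pick of entries above is keying on, here is an added Python example (written for this page, not code from the thread or from HijackThis) that parses O2/O3/O23 lines of a HijackThis v2 log and flags orphaned components, malformed CLSIDs, DLLs loaded from the Windows root, and missing service binaries under a Temp folder. The sample lines are copied from the log above; the `WINDIR` value is an assumption.

```python
"""Triage helper for HijackThis v2 logs (constructed example, not part of
the thread and not a HijackThis feature)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the thread,
# including the three O2 entries the helper told the poster to fix.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Video - {80590BC5-F4BA-4AD1-B216-C19EE86E2A77} - C:\WINDOWS\msvideo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: McAfee Application Installer Cleanup (0017151197531229) (0017151197531229mcinstcleanup) - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\001715~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# "O2 - <body>", "R1 - <body>", "F2 - <body>" ... section code then body
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")
# A well-formed COM class id: {8-4-4-4-12 hex digits}
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
WINDIR = r"c:\windows"  # assumption: default Windows XP install location


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # why the entry deserves a look
    line: str     # the original log line, for pasting into a fix list


def _com_fields(body):
    """Split 'BHO: <name> - <clsid> - <path>' into its three fields."""
    _kind, _sep, rest = body.partition(": ")
    parts = [p.strip() for p in rest.rsplit(" - ", 2)]
    return parts if len(parts) == 3 else None


def _check_com_entry(section, body, line):
    """Rules for O2 (BHO) and O3 (toolbar) entries."""
    fields = _com_fields(body)
    if fields is None:
        return [Finding(section, "unparseable entry", line)]
    _name, clsid, path = fields
    out = []
    if path == "(no file)":
        out.append(Finding(section, "orphaned: registered but no file on disk", line))
    if not CLSID_RE.match(clsid):
        out.append(Finding(section, f"malformed CLSID {clsid!r}", line))
    # Legitimate BHOs live under Program Files or system32; a DLL dropped
    # straight into the Windows root (like msvideo.dll above) stands out.
    if path.lower().rsplit("\\", 1)[0] == WINDIR:
        out.append(Finding(section, "DLL sits in the Windows root, not system32 or Program Files", line))
    return out


def _check_service(section, body, line):
    """Rule for O23 (service) entries."""
    low = body.lower()
    if "(file missing)" in low and "\\temp\\" in low:
        return [Finding(section, "service points at a missing binary under a Temp folder", line)]
    return []


def triage(log_text):
    """Return the findings for every recognised entry in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, blank lines, running-process list
        section, body = m.group("section"), m.group("body")
        if section in ("O2", "O3"):
            findings.extend(_check_com_entry(section, body, line))
        elif section == "O23":
            findings.extend(_check_service(section, body, line))
    return findings


def fix_list(log_text):
    """Distinct flagged log lines, in log order, ready to tick in HijackThis."""
    seen = []
    for f in triage(log_text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

The rules are deliberately narrow: a flagged line is a candidate for review, and the Adobe and Google entries in the sample pass untouched because they carry a valid CLSID and a file under Program Files.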

  3. #3
    Member
    Join Date
    Dec 2007
    Posts
    3
    Points
    0


    Things seem to be running a lot smoother but my internet connection is a little bit slow. I also have that IE Shield on my computer and I think that that was part of the problem. I have no idea though, that is why I am here talking with you!! Thanks, it is running a lot better though and I'm not getting weird browser connections. Here are my logs from all three. Thank you again for your time!


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/13/2007 at 05:13 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3360
    Trace Rules Database Version: 1359

    Scan type : Complete Scan
    Total Scan Time : 01:13:35

    Memory items scanned : 447
    Memory threats detected : 0
    Registry items scanned : 5400
    Registry threats detected : 0
    File items scanned : 74709
    File threats detected : 18

    Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.revsci[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@richmedia.yahoo[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@electronicarts.112.2o7[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adinterax[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@adopt.specificclick[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@tacoda[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@media.adrevolver[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ads.pointroll[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[2].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@specificclick[1].txt
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[1].txt

    ComboFix 07-12-12.3 - Compaq_Owner 2007-12-13 17:26:51.1 - NTFSx86
    Running from: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\3IIW2KI8\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Redemption.ECF
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
    .

    2007-12-13 15:52 . 2007-12-13 15:52 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-12-13 15:51 . 2007-12-13 15:56 d-------- C:\Program Files\SUPERAntiSpyware
    2007-12-13 15:51 . 2007-12-13 15:51 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
    2007-12-13 13:04 . 2007-12-13 13:04 d-------- C:\Program Files\Trend Micro
    2007-12-13 12:09 . 2007-12-13 12:09 d-------- C:\Program Files\Lavasoft
    2007-12-13 12:09 . 2007-12-13 12:09 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-13 12:08 . 2007-12-13 15:51 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-13 11:09 . 2007-12-13 12:38 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-13 02:16 . 2007-12-13 08:00 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AVG7
    2007-12-13 02:15 . 2007-12-13 02:15 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-13 02:14 . 2007-12-13 08:00 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-13 01:52 . 2007-12-13 01:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-12-13 01:24 . 2007-12-13 12:48 d-------- C:\Documents and Settings\Compaq_Owner\.housecall6.6
    2007-12-13 01:16 . 2007-12-13 03:02 d-------- C:\WINDOWS\system32\ActiveScan
    2007-12-13 01:16 . 2007-12-13 01:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-12-13 01:16 . 2007-12-13 01:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-12-13 01:16 . 2007-12-13 01:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-12-12 19:05 . 2007-12-12 19:05 d-------- C:\Program Files\Comodo
    2007-12-12 19:05 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
    2007-12-12 19:05 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
    2007-12-12 19:05 . 2004-08-04 06:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
    2007-12-12 18:51 . 2007-12-12 18:51 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft
    2007-12-12 18:50 . 2007-12-12 18:50 d-------- C:\WINDOWS\system32\CSpool
    2007-12-12 18:50 . 2007-12-12 18:50 d-------- C:\WINDOWS\SxsCaPendDel
    2007-12-12 18:50 . 2007-12-12 18:50 d-------- C:\Program Files\Accessories
    2007-12-12 18:50 . 2007-12-13 02:14 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-12 16:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-12-10 21:08 . 2007-12-10 21:08 118,784 --a------ C:\WINDOWS\sfont.exe
    2007-12-10 18:39 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
    2007-12-10 18:39 . 2003-11-19 13:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
    2007-12-10 18:39 . 2004-05-11 09:56 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
    2007-12-10 18:39 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
    2007-12-10 18:39 . 2001-03-28 22:02 89,088 --a------ C:\WINDOWS\system32\ProgressBar4.ocx
    2007-12-10 18:39 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
    2007-12-10 18:28 . 2007-12-10 18:28 93 --a------ C:\WINDOWS\slog.dll
    2007-12-10 17:34 . 2007-12-10 17:34 2,048 --a------ C:\WINDOWS\system32\drivers\7FC7FDD9-FCCE-42EA-BED3-B948BC4168CF.cxv
    2007-12-10 17:31 . 2007-12-12 18:50 d-------- C:\Program Files\STOPzilla!
    2007-12-10 17:31 . 2007-12-12 18:50 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-12-08 20:21 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-12-07 16:33 . 2007-12-13 02:41 d-------- C:\Program Files\Picasa2
    2007-12-07 16:33 . 2006-10-04 20:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-12-07 16:33 . 2006-10-04 20:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-12-07 16:27 . 2007-12-07 16:27 d-------- C:\WINDOWS\Google Toolbar
    2007-12-07 16:19 . 2007-12-07 16:19 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2007-12-06 20:41 . 2007-12-06 20:41 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
    2007-11-30 22:09 . 2007-11-30 22:09 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\MusicIP
    2007-11-30 19:42 . 2007-11-30 19:43 d-------- C:\Program Files\MusicIP
    2007-11-21 18:46 . 2007-12-12 18:09 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-13 08:42 --------- d-----w C:\Program Files\QuickTime
    2007-12-13 08:32 --------- d-----w C:\Program Files\Google
    2007-12-13 08:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
    2007-12-13 08:29 --------- d-----w C:\Program Files\Bonjour
    2007-12-13 00:35 --------- d-----w C:\Program Files\Shockwave.com
    2007-12-11 19:34 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\gtk-2.0
    2007-12-09 02:21 --------- d-----w C:\Program Files\Java
    2007-12-07 22:17 --------- d-----w C:\Program Files\Yahoo!
    2007-12-07 22:13 --------- d-----w C:\Program Files\Oberon Media
    2007-12-07 03:01 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
    2007-12-05 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
    2007-11-22 04:23 --------- d-----w C:\Program Files\McAfee
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-03 00:32 --------- d-----w C:\Program Files\_uninstallation_info
    2007-10-31 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-10-31 17:21 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2007-10-31 17:20 --------- d-----w C:\Program Files\Comcast
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-29 03:33 --------- d-----w C:\Program Files\PartyGaming
    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-15 04:16 --------- d-----w C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
    2007-10-15 02:09 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\ImgBurn
    2007-10-15 01:54 --------- d-----w C:\Program Files\Speeditup Free
    2007-10-15 01:35 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\FinalBurner .ISO
    2007-10-14 00:54 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\FinalBurner DATA
    2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:55 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:55 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-07-16 14:27 402 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 10:06]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-31 18:15]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 15:18]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 11:41]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 09:52]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 10:31]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 10:24]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 16:17]
    "ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-13 02:15]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-13 02:15]

    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-12 18:03:07]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
    S3 FileObjInfo;STFileDriver;\??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys
    S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    *Newly Created Service* - SASDIFSV
    *Newly Created Service* - SASENUM
    *Newly Created Service* - SASKUTIL
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-13 07:50:31 C:\WINDOWS\Tasks\HubTask 0

    {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
    - c:\Program Files\Common Files\Sonic Shared\Sonic

    Central\Main\Mediahub.exe;Sched HubTask 0

    {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
    "2007-12-13 23:00:01 C:\WINDOWS\Tasks\XoftSpySE

    2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2007-12-13 00:21:11

    C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    *********************************************************************

    *****

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware

    detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-13 17:28:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\erdnt

    scan completed successfully
    hidden files: 1

    *********************************************************************

    *****
    .
    Completion time: 2007-12-13 17:29:27
    .
    2007-12-12 09:03:59 --- E O F ---






    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:31:38 PM, on 12/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/.../sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rr.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
    O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll (file missing)
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/.../qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof.../v6/V5Controls/en/x86/client/muweb_site.cab?1159066397421
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...free/asinst.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...ctivex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/astropop/popcaploader_v6.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: McAfee Application Installer Cleanup (0017151197531229) (0017151197531229mcinstcleanup) - Unknown owner - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\001715~1.EXE (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    --
    End of file - 11613 bytes

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    Please go here and upload this file ...

    C:\WINDOWS\sfont.exe

    http://www.virustotal.com/flash/index_en.html

    Click the browse button & browse to the file on your computer

    Post back the results ... right click on the page > select all

    right click again > copy

    post the results in your next post here...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Dec 2007
    Posts
    3
    Points
    0

    Default I tried

    I tried to locate the file on my computer and it cannot find it. Tried many different ways... I'm sorry.

  6. #6
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    Strange ... Combofix shows it, & it doesn't say it's hidden ...

    would you post a new hijackthis log please ... but when you have it in notepad (before you post it) please go to the top and click "format" & uncheck "wordwrap"

    Are you still having any problems?

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -