#16
| I don't know what you are doing to get every log to come out like that. I can't read them right. The \ \ symbols are missing and messing them up. Instead of C:\Program Files\ABCDEF it is C:ProgramFilesABCDEF. When it opens in notepad just copy and paste it into the reply box. No quotes or formatting please. Try to just copy and paste it again. |
|
#17
| Ok sorry about that. Heres the Combofix log ComboFix 07-12-16.1 - Soccer SuperStar 2007-12-16 14:35:12.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.176 [GMT 11:00] Running from: F:\Jackys\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\Soccer SuperStar\ResErrors.log C:\WINDOWS\dat.txt . ((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))) . 2007-12-13 19:38 . 2007-12-13 19:38 4,412 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-13 19:02 . 2007-12-13 19:38 <DIR> d-------- C:\Program Files\Smit 2007-12-13 19:00 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-13 19:00 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-13 19:00 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-13 19:00 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-13 19:00 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-13 18:02 . 2007-12-13 18:02 155 --a------ C:\Documents and Settings\Soccer SuperStar\GetPaths.vbs 2007-12-13 17:23 . 2007-12-13 17:23 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-13 16:16 . 2007-12-13 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-12 18:56 . 2007-12-12 18:56 0 --a------ C:\WINDOWS\system32\SBRC.dat 2007-12-12 18:56 . 2007-12-12 18:56 0 --a------ C:\WINDOWS\system32\SBFC.dat 2007-12-12 18:53 . 2007-12-12 18:53 <DIR> d-------- C:\Documents and Settings\Soccer SuperStar\Application Data\Sunbelt Software 2007-12-12 17:10 . 2007-12-12 17:10 <DIR> d-------- C:\Program Files\BillP Studios 2007-12-12 17:10 . 
2007-12-12 17:10 <DIR> d-------- C:\Documents and Settings\Soccer SuperStar\Application Data\WinPatrol 2007-12-11 13:29 . 2007-12-11 13:33 0 --a------ C:\WINDOWS\system32\sys_dll.dll 2007-12-11 13:22 . 2007-12-11 15:19 <DIR> d-------- C:\Program Files\Spyware Terminator 2007-12-11 13:22 . 2007-12-11 13:56 <DIR> d-------- C:\Documents and Settings\Soccer SuperStar\Application Data\Spyware Terminator 2007-12-11 13:22 . 2007-12-11 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2007-12-10 17:39 . 2007-12-10 17:39 <DIR> d-------- C:\Program Files\Kaspersky Lab 2007-12-10 17:39 . 2007-12-15 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-10 17:39 . 2007-12-16 14:43 2,369,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-10 17:39 . 2007-12-10 17:39 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-10 17:39 . 2007-12-10 17:39 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-10 17:39 . 2007-12-16 14:43 58,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-10 17:39 . 2007-12-15 21:36 32,084 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-10 17:39 . 2007-12-15 21:36 6,236 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-10 17:12 . 2007-12-10 17:12 <DIR> d-------- C:\KAV 2007-12-10 15:36 . 2007-12-10 15:36 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-10 15:36 . 2007-12-10 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-10 15:35 . 2007-12-10 15:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-12-10 13:36 . 2007-12-10 13:36 <DIR> d--h----- C:\WINDOWS\PIF 2007-12-10 13:34 . 2007-12-10 15:06 16 --a------ C:\WINDOWS\system32\coh.cache 2007-12-10 12:23 . 2007-12-10 12:26 <DIR> d-------- C:\Documents and Settings\Soccer SuperStar\Application Data\PCSecureSystem 2007-12-10 12:19 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2007-12-10 06:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-10 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-12-10 06:29 --------- d-----w C:\Program Files\Symantec 2007-11-07 06:17 --------- d-----w C:\Program Files\Maxis 2007-10-29 06:18 4,838,242 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 18:32] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00] "iPlusAgent"="C:\Program Files\iriver\iriver plus\iAgent.exe" [2005-06-07 19:20] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 15:05] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 12:03] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 11:59] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 23:00 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2005-04-15 09:18 C:\WINDOWS\system32\nwiz.exe] "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 14:08] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 01:40] "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 15:06] "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-06 10:25] "TPSMain"="TPSMain.exe" [2004-12-29 10:02 C:\WINDOWS\system32\TPSMain.exe] "ZoomingHook"="ZoomingHook.exe" [2004-05-01 17:03 C:\WINDOWS\system32\ZoomingHook.exe] "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" 
[2005-04-16 10:51] "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 17:02] "TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-02-23 07:51] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-14 19:05] "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 09:59] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 08:03] "AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 04:10 C:\WINDOWS\agrsmmsg.exe] "LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe" [2003-09-06 13:16] "TCtryIOHook"="TCtrlIOHook.exe" [2004-05-01 14:03 C:\WINDOWS\system32\TCtrlIOHook.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-27 03:06] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [2004-08-04 23:00] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51] C:\Documents and Settings\Soccer SuperStar\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 15:57:52] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-05-13 23:31:53] R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Driv ers\EKIoMngr.sys R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Driv ers\SSIoMngr.sys R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys S1 StickyMesger;StickyMesger;\??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys S3 
PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\H10U SB.sys *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2007-12-12 04:36:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************** ************************ catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-16 14:44:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . Completion time: 2007-12-16 14:45:16 . 2007-12-12 04:32:53 --- E O F --- |
|
#18
| And the Hijack This log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:49:58 PM, on 16/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\ZoomingHook.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iriver\iriver plus\iAgent.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe 
C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Microsoft Office Pro\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\\Program Files\\ltmoh\\Ltmoh.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iPlusAgent] "C:\Program Files\iriver\iriver plus\iAgent.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - 
ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7038 bytes |
|
#19
| ???I posted this but it didn't come up. Oh well here's the Combofix again. |
|
#20
| Thank you! I can read them now. The posts with links in them will not show up for new members until approved by a Moderator, so it may take us some time before we realize they are there. So don't worry, they are there. |
|
#21
| The logs look fine now except you are running two firewalls, ZoneAlarm and Kaspersky. Pick one and uninstall the other. Personally I would get rid of ZoneAlarm and keep Kaspersky. We need to do this to get rid of Combofix and its related files. It is a dangerous tool so should not be kept. Go to Start > Run and copy and paste the next command in the field: ComboFix /u Make sure there's a space between Combofix and / Then hit Enter. This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again. Let us know if anything else comes up. |
|
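An added example (not part of the thread, and not code from HijackThis or its authors): a small Python parser for the `O4` Run and `O23` Service lines of a HijackThis log like the one posted above. It first checks for the stripped-backslash damage described in post #16, then lists the security products that load both as a service and at logon, which is the overlap the reply above points at. The sample lines are constructed in the log's format and the `SECURITY_MARKERS` path substrings are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 format, modelled on the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption of this example: path substrings that identify a security product.
SECURITY_MARKERS = {
    "zone labs": "ZoneAlarm",
    "zonelabs": "ZoneAlarm",
    "kaspersky lab": "Kaspersky",
    "lavasoft": "Ad-Aware",
}

O4_RE = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:.*)$')
# A drive letter and colon followed directly by a letter: "C:Program", not "C:\Program".
MANGLED_RE = re.compile(r'\b[A-Za-z]:(?=[A-Za-z])')


def mangled_lines(log_text):
    """Lines whose paths lost their backslashes when the log was pasted."""
    return [ln for ln in log_text.splitlines() if MANGLED_RE.search(ln)]


def parse_entries(log_text):
    """Return (kind, label, path) for every O4 Run and O23 Service line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(("autostart", m["name"], m["cmd"].strip('"')))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(("service", m["display"], m["path"]))
    return entries


def resident_security_products(entries):
    """Map product name -> set of load mechanisms seen for it."""
    found = defaultdict(set)
    for kind, _label, path in entries:
        lowered = path.lower()
        for marker, product in SECURITY_MARKERS.items():
            if marker in lowered:
                found[product].add(kind)
    return dict(found)


def fully_resident(products):
    """Products that run as a service and also start at logon."""
    return sorted(p for p, kinds in products.items()
                  if kinds == {"autostart", "service"})


if __name__ == "__main__":
    damaged = mangled_lines(SAMPLE_LOG)
    if damaged:
        print(f"{len(damaged)} line(s) lost their backslashes; ask for a fresh paste")
    products = resident_security_products(parse_entries(SAMPLE_LOG))
    for name, kinds in sorted(products.items()):
        print(f"{name}: {', '.join(sorted(kinds))}")
    print("Review for overlap:", fully_resident(products))
```
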
#22
| I downloaded ComboFix onto my USB then I just opened it from the USB so do I just delete it from the USB? Also another slight problem. On the toolbar there's a Windows security alert saying that Virus Protection on the laptop is not found. I deleted Kaspersky because I only installed it to get rid of the infection, but I kept Zone Alarm. So why is Windows Security Centre telling me there's no antivirus software on the laptop? |
|
#23
| I don't know, I didn't see any antivirus in the HijackThis log now that I think of it. Maybe you need to open Zone Alarm and see if it is turned on. |
|
#24
| Yeah Zone Alarm is on. At the moment there's also Ad-Aware, Spyware Terminator and WinPatrol on my laptop, aren't these Anti-Virus Protection? Should I just install Kaspersky? |
|
#25
| Ad-Aware, Spyware Terminator and WinPatrol are spyware/malware monitors, not antivirus. I would rather have Kaspersky if it were up to me. And yes, delete Combofix from the flash drive. |
|
#26
| Well anyhow thank you very much for the help Evilfantasy! I spent like 20 hours trying to fix the problem myself lol. Your help has been greatly appreciated. Thanks again Buddy! |