[Fixed] Hijackthis! Logs - Someone help me please!
#22
Old 06-16-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,669
PC Experience: PC Illiterate
Re: Someone help me please!

File fix:

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

KillAll::
File::
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

thanks,

v


__________________
M.C.S.A.
M.C.P - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

#23
Old 06-16-2008
drakem126
Bronze Member
Join Date: Nov 2007
Posts: 16
PC Experience: Beginner
Re: Someone help me please!

ComboFix 08-06-15.4 - User 2008-06-16 20:59:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.252 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 10:02 . 2008-06-16 10:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-12 09:10 . 2008-06-12 09:10 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
2008-06-12 09:10 . 2008-06-12 09:10 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
2008-06-12 09:10 . 2008-06-12 09:10 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
2008-06-12 09:10 . 2008-06-12 09:10 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
2008-06-10 14:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-10 14:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-10 14:57 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-10 14:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-10 14:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-10 14:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-10 14:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-10 14:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-09 17:32 . 2008-06-16 21:07 2,779,168 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 17:32 . 2008-06-16 21:03 33,596 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-09 17:18 . 2008-06-09 17:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-09 17:17 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-09 17:17 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-06-09 17:17 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-06-09 17:14 . 2008-06-09 17:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-06-09 17:14 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-06-09 17:14 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-06-09 17:14 . 2008-06-09 17:16 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-09 17:13 . 2008-06-09 17:13 <DIR> d-------- C:\Program Files\Zone Labs
2008-06-09 16:10 . 2008-06-09 16:10 <DIR> d-------- C:\Program Files\Apricorn
2008-06-08 20:36 . 2008-06-08 21:59 2,131 --a------ C:\WINDOWS\mozver.dat
2008-06-08 20:07 . 2008-06-08 20:13 <DIR> d-------- C:\Program Files\Windows Live
2008-06-08 20:07 . 2008-06-08 20:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-08 20:07 . 2008-06-08 20:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-06-08 20:02 . 2008-06-08 20:02 <DIR> d-------- C:\Program Files\AskSBar
2008-06-08 20:02 . 2008-06-08 20:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-06-08 20:01 . 2008-06-08 20:01 <DIR> d-------- C:\Program Files\Sun
2008-06-08 20:01 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-08 19:40 . 2008-06-10 14:57 2,202 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-08 19:18 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-08 19:12 . 2008-06-08 19:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-06-08 19:11 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-08 19:06 . 2008-06-08 19:06 <DIR> d-------- C:\Documents and Settings\Louisa.NEWUSUER-D322DB
2008-06-08 19:03 . 2008-06-08 19:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-08 18:48 . 2004-08-03 23:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-08 18:48 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-08 18:47 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-06-08 18:47 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-06-08 18:47 . 2004-08-04 01:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-08 18:47 . 2001-08-17 13:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-06-08 18:46 . 2004-08-04 00:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-06-08 18:42 . 2008-06-08 18:00 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-06-08 18:42 . 2004-08-04 03:58 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-06-08 18:41 . 2008-06-13 21:22 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-06-08 18:41 . 2008-06-08 18:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-06-08 18:40 . 2008-06-08 18:09 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-06-08 18:25 . 2008-06-08 18:25 <DIR> d-------- C:\Documents and Settings\User.NEWUSUER-D322DB
2008-06-08 18:19 . 2007-09-28 10:44 3,573,888 --a------ C:\WINDOWS\system32\vtdisp.dll
2008-06-08 18:18 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-06-08 18:17 . 2008-04-03 15:42 53,248 --a------ C:\WINDOWS\system32\drivers\ViPrt.sys
2008-06-08 18:17 . 2007-09-21 16:28 18,432 --a------ C:\WINDOWS\system32\vIdeInst.dll
2008-06-08 18:17 . 2008-04-03 15:42 16,896 --a------ C:\WINDOWS\system32\drivers\ViBus.sys
2008-06-08 18:17 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2008-06-08 18:14 . 2008-06-08 18:14 <DIR> d-------- C:\Program Files\D-Link
2008-06-08 18:11 . 2008-06-08 18:26 <DIR> d-------- C:\Documents and Settings\userA
2008-06-08 18:10 . 2008-06-08 18:10 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-06-08 18:10 . 2008-06-08 18:10 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-06-08 18:10 . 2008-06-08 18:10 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-06-08 18:07 . 2001-08-23 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-08 18:06 . 2001-08-23 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-08 18:05 . 2004-08-04 02:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-06-08 18:04 . 2008-06-08 18:04 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-08 18:02 . 2008-06-08 18:02 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-06-08 18:02 . 2008-06-08 18:02 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-08 18:02 . 2008-06-08 18:02 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-08 18:02 . 2008-06-08 18:02 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-08 18:02 . 2008-06-08 18:02 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-08 18:02 . 2008-06-08 18:02 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-08 18:02 . 2008-06-08 18:02 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-06-08 18:02 . 2008-06-08 18:02 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-06-08 18:02 . 2008-06-08 18:02 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-08 18:00 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-06-08 17:59 . 2008-06-08 17:59 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-08 17:59 . 2008-06-08 17:59 37 --a------ C:\WINDOWS\vbaddin.ini
2008-06-08 17:59 . 2008-06-08 17:59 36 --a------ C:\WINDOWS\vb.ini
2008-06-08 17:57 . 2007-07-22 14:15 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2008-06-08 17:56 . 2004-08-03 23:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-06-08 17:56 . 2004-08-04 01:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-05-27 21:45 . 2008-05-27 21:45 268 --ah----- C:\sqmdata19.sqm
2008-05-27 21:45 . 2008-05-27 21:45 244 --ah----- C:\sqmnoopt19.sqm
2008-05-27 21:38 . 2008-05-27 21:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-27 13:05 . 2008-05-27 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 11:37 . 2008-05-27 11:37 <DIR> d-------- C:\Program Files\ColorUtility
2008-05-27 11:37 . 2008-05-27 11:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\cs
2008-05-27 11:37 . 2008-05-27 11:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\Application Data
2008-05-27 11:37 . 2008-05-27 11:37 <DIR> d-------- C:\Application Data
2008-05-26 18:00 . 2008-05-26 18:00 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-05-26 17:29 . 2008-05-26 17:46 <DIR> d-------- C:\Documents and Settings\User\Application Data\CDRoller
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:18 --------- d-----w C:\Program Files\Lavasoft
2008-06-09 16:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 19:06 --------- d-----w C:\Documents and Settings\User\Application Data\Azureus
2008-06-08 19:02 --------- d-----w C:\Program Files\Azureus
2008-06-08 19:01 --------- d-----w C:\Program Files\Java
2008-06-08 17:23 --------- d-----w C:\Program Files\VIA
2008-06-08 17:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 17:16 --------- d-----w C:\Program Files\HWiNFO32
2008-06-08 16:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-26 17:00 --------- d-----w C:\Program Files\DrWeb
2008-05-25 19:58 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-05-19 18:42 --------- d-----w C:\Documents and Settings\Louisa\Application Data\OpenOffice.org2
2008-05-14 19:12 --------- d-----w C:\Program Files\DivX
2008-05-14 18:49 --------- d-----w C:\Program Files\Smart Projects
2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-20 09:14 --------- d-----w C:\Documents and Settings\User\Application Data\U3
2008-04-02 20:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-12-10 10:33 47,360 -c--a-w C:\Documents and Settings\User\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-13_21.28.36.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 15:55:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 20:04:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-19 18:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-19 18:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-03-19 18:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-19 17:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-19 18:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-19 17:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-19 17:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-19 17:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-19 17:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-19 18:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-19 18:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-19 18:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-19 18:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-19 18:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-19 17:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2008-06-16 20:04:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_108.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-06-08 20:02 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-06-08 20:02 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-08-27 19:03 200704 C:\WINDOWS\system32\VTTrayp.exe]
"AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 15:48 528384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"pstdevm09840090"="C:\Program Files\Apricorn\Protector Suite Token\09840090\pstdevm.exe" [2007-04-27 16:48 114176]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56 15360]

C:\Documents and Settings\Louisa\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-03 15:42]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-03 15:42]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2008-04-08 18:31]
R2 pstsrvc;Protector Suite Token Service;"C:\Program Files\Apricorn\Protector Suite Token\09840090\pstsrvc.exe" [2007-04-27 16:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d498484-0eb9-11dd-a3cd-001b11163ce9}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 21:05:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-16 21:14:21 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-06-16 20:14:10
ComboFix2.txt 2008-06-13 20:29:53
ComboFix3.txt 2007-11-12 10:01:52

Pre-Run: 9,636,282,368 bytes free
Post-Run: 9,639,104,512 bytes free

237

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apricorn\Protector Suite Token\09840090\pstsrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Apricorn\Protector Suite Token\09840090\pstdevm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pstdevm09840090] C:\Program Files\Apricorn\Protector Suite Token\09840090\pstdevm.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1212948898140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1212948890031
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Protector Suite Token Service (pstsrvc) - UPEK, Inc. - C:\Program Files\Apricorn\Protector Suite Token\09840090\pstsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5747 bytes


#24
Old 06-17-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,669
PC Experience: PC Illiterate
Re: Someone help me please!

looks good. You can use those askbar entries via hjt below if you wish. If you use them, cool, but they've been known to cause pop-ups; that's about it though.

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

how's the rig running?

thanks,

v


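The two Ask Toolbar lines valis quotes differ only in their CLSID (…31 for the BHO hook, …39 for the toolbar hook) and load the same ASKSBAR.DLL. The script below is an added example, not code from this thread or from HijackThis: it parses HijackThis 2.0.2 log lines (O2/O3 COM hooks, O4 Run keys, O23 services) into fields, selects the lines to tick in the fix list by CLSID, and groups entries by the module they load so a DLL registered under several hooks is seen as one thing. The CLSID comparison is deliberately case-insensitive, because HijackThis prints mixed-case CLSIDs while the ComboFix registry dump above shows the same key in lower case. The sample log is constructed from a subset of the lines posted above; the `Entry` fields, the function names and the `ASK_TOOLBAR_CLSIDS` list (the two CLSIDs the analyst quoted) are this example's own.

```python
"""Parse HijackThis 2.0.2 log text into structured entries and pick the lines
to fix by CLSID. Added example, not code from the thread or from HijackThis."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample: a subset of the lines from the log posted above,
# in the exact shape HijackThis 2.0.2 writes them.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5747 bytes
"""

# The two CLSIDs valis quoted for the Ask toolbar (BHO hook and toolbar hook).
ASK_TOOLBAR_CLSIDS = (
    "{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA}",
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}",
)


@dataclass
class Entry:
    code: str         # HijackThis section code: R1, O2, O3, O4, O23, ...
    raw: str          # the exact log line, i.e. what you tick in the HJT fix list
    name: str = ""
    clsid: str = ""   # upper-cased; empty for sections without a CLSID
    path: str = ""    # file the entry loads or runs (unquoted, arguments stripped)
    hive: str = ""    # O4 only: HKLM, HKCU or HKUS\<SID>


ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
COM_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|cpl|scr|com))"?(?:\s|$)', re.IGNORECASE)


def exe_from_command(cmd: str) -> str:
    """Executable of an O4 command line: handles quoted paths, unquoted paths
    with spaces, and HJT's trailing "(User '...')" annotation."""
    m = EXE_RE.match(cmd.strip())
    return m["exe"] if m else cmd.strip()


def parse_hjt(text: str) -> List[Entry]:
    """Turn every 'Oxx - ...' line into an Entry; header, process list and
    trailer lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        e = Entry(code=code, raw=line)
        if code in ("O2", "O3") and (cm := COM_RE.match(body)):
            e.name, e.clsid, e.path = cm["name"], cm["clsid"].upper(), cm["path"]
        elif code == "O4" and (rm := RUN_RE.match(body)):
            e.hive, e.name, e.path = rm["hive"], rm["name"], exe_from_command(rm["cmd"])
        elif code == "O23" and (sm := SVC_RE.match(body)):
            e.name, e.path = sm["name"], sm["path"]
        entries.append(e)
    return entries


def select_by_clsid(entries: Iterable[Entry], clsids: Iterable[str]) -> List[Entry]:
    """O2/O3 entries whose CLSID is in `clsids`. Case-insensitive on purpose:
    HijackThis prints mixed case ({F0D4B239-DA4B-4daf-...}) while ComboFix's
    registry dump shows the same key in lower case."""
    wanted = {c.upper() for c in clsids}
    return [e for e in entries if e.clsid and e.clsid in wanted]


def modules_by_path(entries: Iterable[Entry]) -> Dict[str, List[str]]:
    """Group log lines by the file they load, so one module registered under
    several hooks (BHO + toolbar, as with ASKSBAR.DLL) shows up as one module."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        if e.path:
            groups.setdefault(e.path.lower(), []).append(e.raw)
    return groups


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Lines to tick in HijackThis:")
    for e in select_by_clsid(parsed, ASK_TOOLBAR_CLSIDS):
        print("  " + e.raw)
    for path, lines in modules_by_path(parsed).items():
        if len(lines) > 1:
            print(f"{path} is registered by {len(lines)} entries")
```

Run against a full pasted log, `modules_by_path` is the quicker sanity check than reading line by line: any DLL or EXE that appears under more than one hook (BHO plus toolbar, Run key plus service) is worth a second look, and the grouped `raw` lines are exactly the text to tick in the HijackThis fix list.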
#25
Old 06-17-2008
drakem126
Bronze Member
Join Date: Nov 2007
Posts: 16
PC Experience: Beginner
Re: Someone help me please!

everything running great now, thanks so much!!


#26
Old 06-18-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,669
PC Experience: PC Illiterate
Re: Someone help me please!

fantastic.

be sure to follow the postwork link in my signature, and I'll mark this as fixed.

thanks,

v

