Hi and welcome to Daniweb forums .

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

• Open Windows Defender
• Click Tools
• Click General Settings
• Scroll down to Real Time Protection Options
• Uncheck Turn on Real Time Protection (recommended)
• After you uncheck this, click on the Save button
• Close Windows Defender

===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [ctfmona] C:\Windows\system32\ctfmona.exe

O13 - Gopher Prefix:


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\Windows\system32\ctfmona.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

Download this file from one of the following links :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

1. Make sure that Combofix is downloaded to and run from, your desktop.

2. Double click combofix.exe & follow the prompts.
3. When finished, ComboFix generates a pop up log which can also be found at C:\ComboFix.txt. Post that log in your next reply, along with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Thanks! IWas having the same problem and the advice on this forum seems to have fixed it(so far) I will list what I did in addition to follow the advice on this thread.
1. Updated and ran Spybot S&D ( No help)
2.Did a scan from Trendmicro (started to remove and identified ctfmona.exe as the problem, but couldn't get it all out!)
3. Tried to remove ctfmona.exe from the system32 file. Gave me a "disk is in use message", so I stopped ctfmona.exe in the msconfig startup services and booted to safe mode and removed it manually.
4. WIndows browser was still hijacked and led to "Dealtime.com etc." when I tried to search for solutions via Google, so I used Firefox to find this thread (thank god).
5.Ran Hijackthis! and found the following key as listed in this thread:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Stopped it with Hijack this.
5. Ran the tool Combofix as listed in this thread.
6. When the computer rebooted it poted a log and I noticed this:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona
7. Went into the registry and deleted it out of the registry.
8. Posted this with the hope that it will help someone.
Thanks, good luck
By the way, I got this trojan from a myspace page. A screenshot for Windows malicious removal tool popped up (fake), then I clicked on a .exe file that claimed to be from windowsupdate. , but had a bunch of weird letters after it. I don't know why I clicked on it, but I did. I have update set to manual and it said it wasn't approved by Microsoft!!! Duh. Well hope this helps people and thanks again to crunchie!!!

I competed the fix described above. On reboot there was no pop-up re ctfmona (yaa!)
As per the instructions, here are the requested text files:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:00:38 PM, on 2/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Faith Cole\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\Windows\system32\ctfmona.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8611 bytes


ComboFix 08-02.01.1 - Faith Cole 2008-01-31 17:54:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.251 [GMT -5:00]
Running from: C:\Users\Faith Cole\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\dat.txt
C:\Windows\jokwmp.dll
C:\Windows\popnetnfv.dll

----- BITS: Possible infected sites -----

hxxp://thenetworkcom.com
hxxp://77.91.228.182

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02.01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 21:40 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-31 21:40 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-31 21:40 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-31 21:40 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-31 21:40 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-01-31 21:40 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-31 21:40 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-31 20:51 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-31 20:48 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-01-31 20:48 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-01-31 20:48 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-01-31 20:48 --------- d-----w C:\ProgramData\Symantec
2008-01-31 20:48 --------- d-----w C:\Program Files\Symantec
2008-01-31 20:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-31 20:28 --------- d-----w C:\Program Files\Windows Mail
2008-01-31 20:26 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-31 20:26 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-31 20:26 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-31 20:26 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-31 20:26 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-31 20:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-31 20:24 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-31 20:24 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-31 20:24 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-31 20:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-31 20:24 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-31 20:24 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-31 20:24 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-19 15:33 --------- d-----w C:\ProgramData\Dell
2007-12-14 01:51 --------- d-----w C:\ProgramData\SupportSoft
2007-12-14 01:51 --------- d-----w C:\Program Files\Dell Support Center
2007-12-14 01:50 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-12-13 08:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 08:05 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 08:05 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 08:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 08:04 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 08:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 08:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 08:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 08:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 08:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 08:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 08:02 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 08:02 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-09 02:38 --------- d-----w C:\Program Files\Datel
2007-12-01 04:57 43,696 ----a-w C:\Windows\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\Windows\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\Windows\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\Windows\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\Windows\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\Windows\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\Windows\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\Windows\system32\drivers\srtsp.inf
2007-11-22 17:26 143,360 ----a-w C:\Windows\nethop.exe
2007-11-14 20:52 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 20:52 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 20:52 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 20:52 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 20:52 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 20:52 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 20:52 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 20:52 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 20:52 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 20:52 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-09-11 19:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-04 07:51 1006264]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-05-21 00:42 159744]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-25 00:17 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-07-02 00:14 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-07-02 00:13 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-07-02 00:14 133912]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 14:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-03 18:25 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-12-03 18:23 22696]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 16:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 05:20 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-04 00:28 1862144]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]
"ctfmona"="C:\Windows\system32\ctfmona.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-04 00:09:26 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 18:13:26 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071020.002\IDSvix86.sys [2007-09-13 09:49]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 19:39]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 00:43]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-07-02 00:13]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 01:00:27 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Faith Cole.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 17:57:06
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 17:58:11
ComboFix-quarantined-files.txt 2008-02-01 22:58:08
.
2008-01-31 21:40:47 --- E O F ---

Dude, I'm not much help with the Hijackthis log, but it looks like ctfmona.exe is still in your system32 file. I got rid of that by doing the following:
1 . Run>msconfig>startup>uncheck ctfmona.exe (not ctfmon.exe this is a legitamate service NOTE: "ctfmona.exe" , see the "a" at the end?
2. Read Crunchie's instructions in this same thread and make sure you have combofix downloaded ( I saw you do, but just saying anyway in case someone else reads this )
3. Boot to safe mode (It would not delete from normal mode)(f8 on before windows boots and choose boot to safe mode, I chose w/o networking)
4. When Safe Mode starts Run>System32>Show hiddenfiles This is how I located the illegitamate little sucker. From my System32 File I chose View>Details then I clicked on Date Modified until it showed the most recent first. This should put ctfmona.exe pretty near the top if not right at the top. DELETE with pride!
5 At this point I ran combofix and after it ran it created the log which showed me the exact registry location of the last bit of that trojan jerk. I opened the registry run>regedit and followed the path.and deleted the entry which took it out of the startup services. That did it! Read what crunchie wrote it's super useful. Hope that helps!

Hi scole58.

First of all- welcome to Daniweb .

We ask that members not piggy-back questions on to a thread previously started by another member here in the Viruses, Spyware & other Nasties forum, (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/forums/faq.ph...niweb_policies


Thanks for understanding and read the stickies at the top of this forum, particularly the one regarding the latest version of hijackthis.