Help Needed. Please Check My HiJackThis Log File.

[docoweatpie]

There is one strange file, 37211.dll, that I can't permanatly remove. When ever I FixCheck this file, it will reappear in just a few minutes.
Before, I get these strange pop-ups. Now it stopped. But now my AVG constantly warns me that the file 37211.dll is infected. Anyway here is my HighJackThis Log File.


Logfile of HijackThis v1.99.1
Scan saved at 10:15:42 PM, on 29/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msime.exe
C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winupdate.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dillon Hung\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - C:\WINDOWS\system32\37211.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153095743440
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe

[sUBs]

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O1 - Hosts: 80.15.232.4 nprotect.nefficient.com
O1 - Hosts: example127.0.0.1 localhost
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O1 - Hosts: 80.15.232.4 nprotect.nefficient.com
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll (file missing)
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot
O4 - HKLM\..\Run: [newname] C:\\nwnmff_14.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_14.exe
O4 - HKLM\..\Run: [win3207548842744] C:\WINDOWS\win3207548842744.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll (file missing)
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll


* * * * * *


1. Download this file using either of these links

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[docoweatpie]

Um.. I couldn't find any of the items, that you listed, on my log file.

I downloaded ComboFix and here is the Log File.

Dillon Hung - 06-08-30 12:59:08.00
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Dillon Hung\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-30 to 2006-08-30 ))))))))))))))))))))))))))))))))))


2006-08-27 22:01 16,896 -r-hs---- C:\WINDOWS\system32\Downdll6715.dll
2006-08-27 22:00 16,896 -r-hs---- C:\WINDOWS\system32\Downdll2728.dll
2006-08-27 22:00 16,896 -r-hs---- C:\WINDOWS\system32\Downdll2025.dll
2006-08-27 21:59 16,896 -r-hs---- C:\WINDOWS\system32\Downdll8609.dll
2006-08-27 21:59 16,896 -r-hs---- C:\WINDOWS\system32\Downdll313.dll
2006-08-27 21:59 16,896 -r-hs---- C:\WINDOWS\system32\Downdll0.dll
2006-08-27 21:58 16,896 -r-hs---- C:\WINDOWS\system32\Downdll.dll
2006-08-13 08:33 90,112 --------- C:\WINDOWS\apptune.exe
2006-08-13 08:33 45,056 --------- C:\WINDOWS\system32\zpp.dll
2006-08-13 08:33 36,864 --------- C:\WINDOWS\system32\zpppcl.dll
2006-08-13 08:33 233,525 --------- C:\WINDOWS\system32\isutil.dll
2006-08-13 08:33 151,552 --------- C:\WINDOWS\system32\SDhp1000.DLL
2006-08-13 08:33 1,941,504 --------- C:\WINDOWS\system32\pcldll6l.dll
2006-08-13 08:25 900,388 --------- C:\WINDOWS\system32\hpflash1.exe
2006-08-13 08:25 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL
2006-08-13 08:25 77,824 --a------ C:\WINDOWS\system32\ZLMhp1.DLL
2006-08-13 08:25 73,728 --------- C:\WINDOWS\system32\ZSHP1000.dll
2006-08-13 08:25 70,656 --------- C:\WINDOWS\system32\Sd32.dll
2006-08-13 08:25 54,784 --a------ C:\WINDOWS\system32\ZPJL.DLL
2006-08-13 08:25 49,152 --------- C:\WINDOWS\system32\Zlang.dll
2006-08-13 08:25 36,864 --------- C:\WINDOWS\system32\zstatus.exe
2006-08-13 08:25 28,672 --a------ C:\WINDOWS\system32\ZLM.DLL
2006-08-13 08:25 23,552 --------- C:\WINDOWS\system32\ZGDI32.DLL
2006-08-13 08:25 229,376 --------- C:\WINDOWS\system32\vsetup.dll
2006-08-13 08:25 19,456 --a------ C:\WINDOWS\system32\ZTAG32.DLL
2006-08-13 08:25 159,803 --a------ C:\WINDOWS\closewnd.exe
2006-08-13 08:25 147,456 --------- C:\WINDOWS\system32\ZUNINST.EXE
2006-08-13 08:25 12,288 --a------ C:\WINDOWS\system32\IMF32.DLL
2006-08-09 18:02 32,896 --a------ C:\WINDOWS\system32\APFTrans.sys
2006-08-03 18:03 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-03 18:00 90,112 --a------ C:\WINDOWS\system32\LVComS.exe
2006-08-03 18:00 81,920 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-08-03 18:00 69,632 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-08-03 18:00 57,344 --a------ C:\WINDOWS\system32\LVComC.dll
2006-08-03 18:00 172,032 --a------ C:\WINDOWS\system32\lvcodec2.dll
2006-08-03 18:00 114,688 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-08-03 17:58 466,944 --a------ C:\WINDOWS\system32\CIMSVR.exe
2006-08-03 17:58 28,672 --a------ C:\WINDOWS\system32\CIMSVRps.dll
2006-08-03 17:58 233,472 --a------ C:\WINDOWS\system32\CIMVIEW.dll
2006-08-03 17:58 147,456 --a------ C:\WINDOWS\system32\MimicICM.dll
2006-08-03 17:56 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-18 15:47 -------- d-------- C:\Program Files\Google
2006-08-18 14:55 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Macromedia
2006-08-14 19:20 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\AdobeUM
2006-08-13 12:47 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-13 12:47 -------- d-------- C:\Program Files\Common Files
2006-08-13 12:47 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Adobe
2006-08-13 12:45 -------- d-------- C:\Program Files\Adobe
2006-08-13 08:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-13 08:33 -------- d-------- C:\Program Files\hp LaserJet 1000
2006-08-13 07:42 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-13 07:42 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-13 07:40 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\AVG7
2006-08-13 07:39 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-08-13 07:39 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-13 07:39 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-13 07:39 -------- d---s---- C:\Documents and Settings\Dillon Hung\Application Data\Microsoft
2006-08-13 07:39 -------- d-------- C:\Program Files\Grisoft
2006-08-10 17:45 -------- d-------- C:\Program Files\Windows Media Player
2006-08-09 20:46 26480 --a------ C:\Documents and Settings\Dillon Hung\Application Data\GDIPFONTCACHEV1.DAT
2006-08-09 16:52 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-09 16:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-09 16:52 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-09 16:50 -------- d-------- C:\Program Files\Microsoft Office
2006-08-09 16:49 -------- d-------- C:\Program Files\Common Files\System
2006-08-07 20:46 -------- d-------- C:\Program Files\QuickTime
2006-08-04 16:48 -------- d-------- C:\Program Files\AviSynth 2.5
2006-08-04 16:47 -------- d-------- C:\Program Files\eRightSoft
2006-08-03 19:12 -------- d-------- C:\Program Files\WinZip
2006-08-03 18:01 -------- d-------- C:\Program Files\directx
2006-08-03 18:01 -------- d-------- C:\Program Files\Common Files\Logitech
2006-08-03 17:58 -------- d-------- C:\Program Files\Windows Media Components
2006-08-03 17:58 -------- d-------- C:\Program Files\Real
2006-08-03 17:58 -------- d-------- C:\Program Files\Logitech
2006-08-03 17:58 -------- d-------- C:\Program Files\Common Files\Real
2006-08-03 17:58 -------- d-------- C:\Program Files\Common Files\FotoWire
2006-08-02 10:41 -------- d-------- C:\Program Files\AIM
2006-08-01 17:19 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-01 17:19 -------- d-------- C:\Program Files\Armor2net
2006-07-31 18:58 -------- d-------- C:\Program Files\IncrediMail
2006-07-26 10:03 -------- d-------- C:\Program Files\RADVideo
2006-07-25 19:31 -------- d-------- C:\Program Files\MSXML 4.0
2006-07-24 15:11 -------- d-------- C:\Program Files\CDisplay
2006-07-24 07:16 -------- d-------- C:\Program Files\Winamp
2006-07-23 21:52 -------- d-------- C:\Program Files\Messenger
2006-07-23 15:46 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Ahead
2006-07-23 15:04 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Aim
2006-07-23 15:01 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Yahoo!
2006-07-23 15:00 -------- d-------- C:\Program Files\Yahoo!
2006-07-21 18:42 -------- d-------- C:\Program Files\WinRAR
2006-07-21 17:04 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-07-20 20:03 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Apple Computer
2006-07-19 10:42 -------- d-------- C:\Program Files\CONEXANT
2006-07-18 16:52 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\ACD Systems
2006-07-17 22:12 -------- d-------- C:\Program Files\Common Files\Ahead
2006-07-17 21:58 -------- d-------- C:\Program Files\Nero
2006-07-17 14:47 967 --a------ C:\WINDOWS\ScUnin.pif
2006-07-17 14:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2006-07-17 14:19 135168 --a------ C:\WINDOWS\system32\BNCSutil.dll
2006-07-17 11:25 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-07-17 11:25 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-07-17 07:33 -------- d-------- C:\Program Files\MSN Messenger
2006-07-16 18:20 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Identities
2006-07-16 17:23 -------- d--h----- C:\Program Files\WindowsUpdate
2006-07-16 17:16 -------- d--h----- C:\Program Files\Uninstall Information
2006-07-16 17:10 0 -rahs---- C:\MSDOS.SYS
2006-07-16 17:10 0 -rahs---- C:\IO.SYS
2006-07-16 17:10 0 --a------ C:\CONFIG.SYS
2006-07-16 17:10 0 --a------ C:\AUTOEXEC.BAT
2006-07-16 17:10 -------- d-------- C:\Program Files\xerox
2006-07-16 17:10 -------- d-------- C:\Program Files\microsoft frontpage
2006-07-16 17:08 -------- d-------- C:\Program Files\Online Services
2006-07-16 17:08 -------- d-------- C:\Program Files\Movie Maker
2006-07-16 17:08 -------- d-------- C:\Program Files\Internet Explorer
2006-07-16 17:07 -------- d-------- C:\Program Files\Outlook Express
2006-07-16 17:07 -------- d-------- C:\Program Files\NetMeeting
2006-07-16 17:07 -------- d-------- C:\Program Files\Common Files\Services
2006-07-16 17:07 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-07-16 17:06 -------- d-------- C:\Program Files\Windows NT
2006-07-16 17:06 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-07-16 17:06 -------- d-------- C:\Program Files\MSN
2006-07-16 17:06 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-16 09:49 62 --ahs---- C:\Documents and Settings\Dillon Hung\Application Data\desktop.ini
2006-07-16 09:49 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-16 09:49 -------- d-------- C:\Program Files\Common Files\ODBC
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-06-16 01:03 172032 --a------ C:\WINDOWS\system32\cmuda.dll
2006-05-31 07:22 63768 --a------ C:\WINDOWS\system32\dxdllreg.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"CTHelper"="CTHELPER.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Armor2net"="C:\\Program Files\\Armor2net\\Armor2net Personal Firewall\\Armor2net.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"hp 1000 firmware"="C:\\Program Files\\hp LaserJet 1000\\fwdl.exe"
"Microsoft"="C:\\WINDOWS\\wuauclt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"hx-1"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"KernelFaultCheck"="C:\\WINDOWS\\System32\\msime.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000bd

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,86,01,00,00,00,00,00,00,7a,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Completion time: 30/08/2006 12:59:44.33
ComboFix.txt

[docoweatpie]

And here is a fresh HJT Log File.

Logfile of HijackThis v1.99.1
Scan saved at 1:03:32 PM, on 30/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winupdate.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msime.exe
C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dillon Hung\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153095743440
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe

[sUBs]

Sorry about that Dillon. Previous post was meant for another user but I mistakenly posted it to this thread.


Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Please download ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1

Download Ewido Anti-Malware → http://www.ewido.net/en/download/

• Install Ewido Anti-Malware
• Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update.

If you are having problems with the updater, you can use this link to manually update Ewido
http://download.ewido.net/ewido-sign...ll-current.exe

• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT Ewido anti-spyware. Do Not run a scan just yet.

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * *


Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

Code:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"hx-1"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry


* * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


Click Start → Run - type SERVICES.MSC & then click on the OK button

1. Locate the service - Update Service For Windows (winupdate)
2. Double-click on it to open the Properties dialog.
   → Change the Startup type to Disabled & then click on the Apply button
   → Stop the service by using the Stop button.
3. Then start HiJackThis & go to Config... → Misc.Tools → Delete an NT service
4. In the popup box that appears, copy/paste winupdate
5. Click on the OK button & answer No if prompted to reboot

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - (no file)
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools → Folder Options → View tab.

• Tick - 'Show hidden files and folder'
• Untick - 'Hide file extensions for known types'
• Untick - 'Hide protected operating system files'
• Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

• C:\WINDOWS\system32\Downdll6715.dll
  C:\WINDOWS\system32\Downdll2728.dll
  C:\WINDOWS\system32\Downdll2025.dll
  C:\WINDOWS\system32\Downdll8609.dll
  C:\WINDOWS\system32\Downdll313.dll
  C:\WINDOWS\system32\Downdll0.dll
  C:\WINDOWS\system32\Downdll.dll
  C:\WINDOWS\wuauclt.exe
  C:\WINDOWS\winupdate.exe
  C:\WINDOWS\System32\msime.exe
  C:\WINDOWS\system32\37211.dll

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.


* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *


Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner & select the Scan tab
• Click Complete System Scan to begin scanning.
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop.

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:

• HiJackThis log
• Online Scan
• Ewido

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[docoweatpie]

There are 2 files I can't find and delete.

C:\WINDOWS\wuauclt.exe
C:\WINDOWS\System32\msime.exe

I did manage to find wuauclt.exe at C:\WINDOWS\System32\. But I didn't delete it.


For the Online Scan Options



Am I suppose to untick the box for Scan Mail Bases? Seeing as the box blue, I thought it was supposed to be untick, but I left it ticked although.



HJT Log file

Logfile of HijackThis v1.99.1
Scan saved at 1:03:32 PM, on 30/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winupdate.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msime.exe
C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dillon Hung\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: (no name) - {E730189A-9973-4121-B046-AD1C161EC3AF} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153095743440
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe



Online Scan Log.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 30, 2006 7:54:13 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/08/2006
Kaspersky Anti-Virus database records: 219574
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 53817
Number of viruses found: 3
Number of infected objects: 12 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:28:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Dillon Hung\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Dillon Hung\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Desktop\Fix.doc Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\History\History.IE5\MSHist012006083020060831\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temp\~DF96DE.tmp Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temp\~DF97B6.tmp Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temp\~DF9E7E.tmp Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dillon Hung\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Armor2net\Armor2net Personal Firewall\aclpus.dat Object is locked skipped
C:\Program Files\Armor2net\Armor2net Personal Firewall\ArAppLog.dat Object is locked skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP54\A0021363.exe Infected: Trojan-PSW.Win32.Lmir.baf skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP54\A0022414.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023610.exe Infected: Trojan-PSW.Win32.Lmir.baf skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023716.exe Infected: Trojan.Win32.BHO.e skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023717.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023718.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023719.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023720.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023721.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023722.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023723.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023724.dll Object is locked skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\sncool.scr Infected: Trojan.Win32.BHO.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023564.exe Object is locked skipped

Scan process completed.



Ewido Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 30, 2006 7:54:13 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/08/2006
Kaspersky Anti-Virus database records: 219574
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 53817
Number of viruses found: 3
Number of infected objects: 12 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:28:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Dillon Hung\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Dillon Hung\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Desktop\Fix.doc Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\History\History.IE5\MSHist012006083020060831\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temp\~DF96DE.tmp Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temp\~DF97B6.tmp Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temp\~DF9E7E.tmp Object is locked skipped
C:\Documents and Settings\Dillon Hung\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dillon Hung\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dillon Hung\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Armor2net\Armor2net Personal Firewall\aclpus.dat Object is locked skipped
C:\Program Files\Armor2net\Armor2net Personal Firewall\ArAppLog.dat Object is locked skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP54\A0021363.exe Infected: Trojan-PSW.Win32.Lmir.baf skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP54\A0022414.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023610.exe Infected: Trojan-PSW.Win32.Lmir.baf skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023716.exe Infected: Trojan.Win32.BHO.e skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023717.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023718.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023719.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023720.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023721.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023722.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023723.dll Infected: Trojan-Downloader.Win32.Small.dpx skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023724.dll Object is locked skipped
C:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\sncool.scr Infected: Trojan.Win32.BHO.e skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{EB010C7A-2660-42DF-A5DE-7042B240D704}\RP56\A0023564.exe Object is locked skipped

Scan process completed.

[sUBs]

Quote:

Logfile of HijackThis v1.99.1
Scan saved at 1:03:32 PM, on 30/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

The HJT log you posted appears to be the one from yesterday. May I have a fresh one?

For the meanwhile, please delete this file - C:\WINDOWS\system32\sncool.scr

Also post a fresh combofix log

[docoweatpie]

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 12:02:44 PM, on 31/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dillon Hung\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153095743440
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Combofix Log

Dillon Hung - 06-08-31 12:04:51.16
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Dillon Hung\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-31 to 2006-08-31 ))))))))))))))))))))))))))))))))))


2006-08-13 08:33 90,112 --------- C:\WINDOWS\apptune.exe
2006-08-13 08:33 45,056 --------- C:\WINDOWS\system32\zpp.dll
2006-08-13 08:33 36,864 --------- C:\WINDOWS\system32\zpppcl.dll
2006-08-13 08:33 233,525 --------- C:\WINDOWS\system32\isutil.dll
2006-08-13 08:33 151,552 --------- C:\WINDOWS\system32\SDhp1000.DLL
2006-08-13 08:33 1,941,504 --------- C:\WINDOWS\system32\pcldll6l.dll
2006-08-13 08:25 900,388 --------- C:\WINDOWS\system32\hpflash1.exe
2006-08-13 08:25 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL
2006-08-13 08:25 77,824 --a------ C:\WINDOWS\system32\ZLMhp1.DLL
2006-08-13 08:25 73,728 --------- C:\WINDOWS\system32\ZSHP1000.dll
2006-08-13 08:25 70,656 --------- C:\WINDOWS\system32\Sd32.dll
2006-08-13 08:25 54,784 --a------ C:\WINDOWS\system32\ZPJL.DLL
2006-08-13 08:25 49,152 --------- C:\WINDOWS\system32\Zlang.dll
2006-08-13 08:25 36,864 --------- C:\WINDOWS\system32\zstatus.exe
2006-08-13 08:25 28,672 --a------ C:\WINDOWS\system32\ZLM.DLL
2006-08-13 08:25 23,552 --------- C:\WINDOWS\system32\ZGDI32.DLL
2006-08-13 08:25 229,376 --------- C:\WINDOWS\system32\vsetup.dll
2006-08-13 08:25 19,456 --a------ C:\WINDOWS\system32\ZTAG32.DLL
2006-08-13 08:25 159,803 --a------ C:\WINDOWS\closewnd.exe
2006-08-13 08:25 147,456 --------- C:\WINDOWS\system32\ZUNINST.EXE
2006-08-13 08:25 12,288 --a------ C:\WINDOWS\system32\IMF32.DLL
2006-08-09 18:02 32,896 --a------ C:\WINDOWS\system32\APFTrans.sys
2006-08-03 18:03 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-03 18:00 90,112 --a------ C:\WINDOWS\system32\LVComS.exe
2006-08-03 18:00 81,920 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-08-03 18:00 69,632 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-08-03 18:00 57,344 --a------ C:\WINDOWS\system32\LVComC.dll
2006-08-03 18:00 172,032 --a------ C:\WINDOWS\system32\lvcodec2.dll
2006-08-03 18:00 114,688 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-08-03 17:58 466,944 --a------ C:\WINDOWS\system32\CIMSVR.exe
2006-08-03 17:58 28,672 --a------ C:\WINDOWS\system32\CIMSVRps.dll
2006-08-03 17:58 233,472 --a------ C:\WINDOWS\system32\CIMVIEW.dll
2006-08-03 17:58 147,456 --a------ C:\WINDOWS\system32\MimicICM.dll
2006-08-03 17:56 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-31 09:32 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-18 15:47 -------- d-------- C:\Program Files\Google
2006-08-18 14:55 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Macromedia
2006-08-14 19:20 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\AdobeUM
2006-08-13 12:47 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-13 12:47 -------- d-------- C:\Program Files\Common Files
2006-08-13 12:47 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Adobe
2006-08-13 12:45 -------- d-------- C:\Program Files\Adobe
2006-08-13 08:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-13 08:33 -------- d-------- C:\Program Files\hp LaserJet 1000
2006-08-13 07:42 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-13 07:42 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-13 07:40 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\AVG7
2006-08-13 07:39 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-08-13 07:39 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-13 07:39 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-13 07:39 -------- d---s---- C:\Documents and Settings\Dillon Hung\Application Data\Microsoft
2006-08-13 07:39 -------- d-------- C:\Program Files\Grisoft
2006-08-10 17:45 -------- d-------- C:\Program Files\Windows Media Player
2006-08-09 20:46 26480 --a------ C:\Documents and Settings\Dillon Hung\Application Data\GDIPFONTCACHEV1.DAT
2006-08-09 16:52 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-09 16:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-09 16:52 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-09 16:50 -------- d-------- C:\Program Files\Microsoft Office
2006-08-09 16:49 -------- d-------- C:\Program Files\Common Files\System
2006-08-07 20:46 -------- d-------- C:\Program Files\QuickTime
2006-08-04 16:48 -------- d-------- C:\Program Files\AviSynth 2.5
2006-08-04 16:47 -------- d-------- C:\Program Files\eRightSoft
2006-08-03 19:12 -------- d-------- C:\Program Files\WinZip
2006-08-03 18:01 -------- d-------- C:\Program Files\directx
2006-08-03 18:01 -------- d-------- C:\Program Files\Common Files\Logitech
2006-08-03 17:58 -------- d-------- C:\Program Files\Windows Media Components
2006-08-03 17:58 -------- d-------- C:\Program Files\Real
2006-08-03 17:58 -------- d-------- C:\Program Files\Logitech
2006-08-03 17:58 -------- d-------- C:\Program Files\Common Files\Real
2006-08-03 17:58 -------- d-------- C:\Program Files\Common Files\FotoWire
2006-08-02 10:41 -------- d-------- C:\Program Files\AIM
2006-08-01 17:19 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-01 17:19 -------- d-------- C:\Program Files\Armor2net
2006-07-31 18:58 -------- d-------- C:\Program Files\IncrediMail
2006-07-26 10:03 -------- d-------- C:\Program Files\RADVideo
2006-07-25 19:31 -------- d-------- C:\Program Files\MSXML 4.0
2006-07-24 15:11 -------- d-------- C:\Program Files\CDisplay
2006-07-24 07:16 -------- d-------- C:\Program Files\Winamp
2006-07-23 21:52 -------- d-------- C:\Program Files\Messenger
2006-07-23 15:46 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Ahead
2006-07-23 15:04 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Aim
2006-07-23 15:01 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Yahoo!
2006-07-23 15:00 -------- d-------- C:\Program Files\Yahoo!
2006-07-21 18:42 -------- d-------- C:\Program Files\WinRAR
2006-07-21 17:04 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-07-20 20:03 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Apple Computer
2006-07-19 10:42 -------- d-------- C:\Program Files\CONEXANT
2006-07-18 16:52 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\ACD Systems
2006-07-17 22:12 -------- d-------- C:\Program Files\Common Files\Ahead
2006-07-17 21:58 -------- d-------- C:\Program Files\Nero
2006-07-17 14:47 967 --a------ C:\WINDOWS\ScUnin.pif
2006-07-17 14:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2006-07-17 14:19 135168 --a------ C:\WINDOWS\system32\BNCSutil.dll
2006-07-17 11:25 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-07-17 11:25 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-07-17 07:33 -------- d-------- C:\Program Files\MSN Messenger
2006-07-16 18:20 -------- d-------- C:\Documents and Settings\Dillon Hung\Application Data\Identities
2006-07-16 17:23 -------- d--h----- C:\Program Files\WindowsUpdate
2006-07-16 17:16 -------- d--h----- C:\Program Files\Uninstall Information
2006-07-16 17:10 0 -rahs---- C:\MSDOS.SYS
2006-07-16 17:10 0 -rahs---- C:\IO.SYS
2006-07-16 17:10 0 --a------ C:\CONFIG.SYS
2006-07-16 17:10 0 --a------ C:\AUTOEXEC.BAT
2006-07-16 17:10 -------- d-------- C:\Program Files\xerox
2006-07-16 17:10 -------- d-------- C:\Program Files\microsoft frontpage
2006-07-16 17:08 -------- d-------- C:\Program Files\Online Services
2006-07-16 17:08 -------- d-------- C:\Program Files\Movie Maker
2006-07-16 17:08 -------- d-------- C:\Program Files\Internet Explorer
2006-07-16 17:07 -------- d-------- C:\Program Files\Outlook Express
2006-07-16 17:07 -------- d-------- C:\Program Files\NetMeeting
2006-07-16 17:07 -------- d-------- C:\Program Files\Common Files\Services
2006-07-16 17:07 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-07-16 17:06 -------- d-------- C:\Program Files\Windows NT
2006-07-16 17:06 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-07-16 17:06 -------- d-------- C:\Program Files\MSN
2006-07-16 17:06 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-16 09:49 62 --ahs---- C:\Documents and Settings\Dillon Hung\Application Data\desktop.ini
2006-07-16 09:49 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-07-16 09:49 -------- d-------- C:\Program Files\Common Files\ODBC
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-06-16 01:03 172032 --a------ C:\WINDOWS\system32\cmuda.dll
2006-05-31 07:22 63768 --a------ C:\WINDOWS\system32\dxdllreg.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"CTHelper"="CTHELPER.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Armor2net"="C:\\Program Files\\Armor2net\\Armor2net Personal Firewall\\Armor2net.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"hp 1000 firmware"="C:\\Program Files\\hp LaserJet 1000\\fwdl.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000bd

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,d4,01,00,00,00,00,00,00,2c,02,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Completion time: 31/08/2006 12:05:26.86
ComboFix.txt

[sUBs]

Your system is clean. Kindly follow these simple steps in order to keep your computer clean and secure:

1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
   Go to Start → Run → type control sysdm.cpl,,4 & press Enter
   • Tick on the checkbox - Turn off System Restore on all drives
   • Click Apply
   Turn it back 'On' by unticking the same checkbox & click OK
   
   
   
2. DISABLE THE VIEWING OF SYSTEM FILES
   From Windows Explorer, go to Tools>Folder Options> View tab.
   • Untick - Show hidden files and folder
   • Tick - Hide file extensions for known types
   • Tick - Hide protected operating system files
   Click Yes to confirm & then click OK
   
   
   
3. SECURING INTERNET EXPLORER
   From within Internet Explorer click on the Tools menu and then click on Internet Options.
   • Select the Security tab
     • Click once on the Internet icon so it becomes highlighted.
     • Select Custom Level .
       • Change 'Download signed ActiveX controls' to Prompt
       • Change 'Download unsigned ActiveX controls' to Disable
       • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
       • Change 'Installation of desktop items' to Prompt
       • Change 'Launching programs and files in an IFRAME' to Prompt
       • Change 'Navigate sub-frames across different domains' to Prompt
       • When all these changes have been made, click on the OK button.
     • If it prompts you as to whether or not you want to save the settings, press the Yes button.
   • Select OK to exit the Internet Properties page.
   
   
   
4. ANTIVIRUS SOFTWARE
   It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html
   
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
5. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html
   
   
   
6. Microsoft Windows Update → http://www.windowsupdate.com
   Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
   
7. SPYBOT - SEARCH & DESTROY
   Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html
   
   
8. AD-AWARE
   Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html
   
   
   
9. SPYWAREBLASTER
   SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
   
   Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html
   
   
   
10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.
  
  
• http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
  
  
• http://www.winpatrol.com/ -Winpatrol - Download and install the free version of Winpatrol.
  A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

[docoweatpie]

Alright, thnx alot for the help. My computer seem to be running O.K. I'll be sure to ask help next time if needed. Thnx again!!