Deskbar,MediaMotor,Look2me.Topconverting,Windows.S ecurity.Internetexplorer, Newdotn

[nateeeeeeeee]

Recently i tried to get a version of Quicktime Pro. But unluckily for me the Quicktime Pro was a virus/trojan/worm. I started to get insane amounts of pop up son both internet explorer and firefox. if firefox is open then the website will change rapidly to show off some popup stopper. Spybot detects the following things; Deskbar,MediaMotor,Look2me.Topconverting,Windows.Security.Internetexplorer, Newdotnet, Advertising.com,and Doubleclick and they seem to be coming back. I did have SurfSidekick 3 and i think i got rid of it, or most of it. and the pop ups have gotten better. but they still are pretty bad. thank you in advance for the help.


My log is Below:

Logfile of HijackThis v1.99.0
Scan saved at 7:54:15 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\dfndrff_16.exe
C:\kybrdff_16.exe
C:\WINDOWS\sys012012684845-.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\ms074845-201268.exe
C:\WINDOWS\win320945-20126848.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\{8808DDD3-0AE9-1033-0423-030303240001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PSLister\PSLister.exe
C:\Program Files\CMFibula\CMFibula.exe
C:\WINDOWS\system32\crunner\cproc.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\limewire\limewire.exe
C:\Documents and Settings\Nathan.****MASTERN\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ogtwrur.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [uuzdbf47] RUNDLL32.EXE w1c6b017.dll,n 003dbf44000000031c6b017
O4 - HKLM\..\Run: [{8D-DD-DD-D3-ZN}] C:\windows\system32\osdsrego.exe GEN001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwintpex.exe GEN001
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [sys012012684845-] C:\WINDOWS\sys012012684845-.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ms074845-201268] C:\WINDOWS\ms074845-201268.exe
O4 - HKLM\..\Run: [win320945-20126848] C:\WINDOWS\win320945-20126848.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Rule flap burn proxy] C:\Documents and Settings\All Users.WINDOWS\Application Data\name wave rule flap\Meow Thunk.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [GrimEqHeckUp] C:\Documents and Settings\All Users.WINDOWS\Application Data\Hold 01 Grim Eq\KEEPACID.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [rqkw] C:\PROGRA~1\COMMON~1\rqkw\rqkwm.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [amen shim] C:\DOCUME~1\NATHAN~1.PIM\APPLIC~1\gridload\Interjugs.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: taskmgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://www.entensity.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://shizmoo.com/activex/web665.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[nateeeeeeeee]

Also, i forgot to mention, my task manager won't open.

[sUBs]

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ogtwrur. exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_16.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_16.exe
O4 - HKLM\..\Run: [uuzdbf47] RUNDLL32.EXE w1c6b017.dll,n 003dbf44000000031c6b017
O4 - HKLM\..\Run: [{8D-DD-DD-D3-ZN}] C:\windows\system32\osdsrego.exe GEN001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwintpex.exe GEN001
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [sys012012684845-] C:\WINDOWS\sys012012684845-.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ms074845-201268] C:\WINDOWS\ms074845-201268.exe
O4 - HKLM\..\Run: [win320945-20126848] C:\WINDOWS\win320945-20126848.exe
O4 - HKLM\..\Run: [Rule flap burn proxy] C:\Documents and Settings\All Users.WINDOWS\Application Data\name wave rule flap\Meow Thunk.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [GrimEqHeckUp] C:\Documents and Settings\All Users.WINDOWS\Application Data\Hold 01 Grim Eq\KEEPACID.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
O4 - HKCU\..\Run: [CMFibula] "C:\Program Files\CMFibula\CMFibula.exe"
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [rqkw] C:\PROGRA~1\COMMON~1\rqkw\rqkwm.exe
O4 - HKCU\..\Run: [amen shim] C:\DOCUME~1\NATHAN~1.PIM\APPLIC~1\gridload\Interju gs.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://www.entensity.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


* * * * * *


1. Download this file using either of these links

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[sUBs]

This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8 - http://java.sun.com/javase/downloads/index.jsp
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.

[nateeeeeeeee]

Combo Fix Log:
Nathan - 06-09-06 21:34:53.79
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Nathan.****MASTERN\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{4EC98B8B-136E-4B6E-9D76-243B83BBEF0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4EC98B8B-136E-4B6E-9D76-243B83BBEF0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4EC98B8B-136E-4B6E-9D76-243B83BBEF0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4EC98B8B-136E-4B6E-9D76-243B83BBEF0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\utandlg.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp_tobedeleted


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\keyboard1.dat
C:\dfndrff_15.exe
C:\dfndrff_16.exe
C:\deskbar2.exe
C:\deskbar3.exe
C:\kybrdff_15.exe
C:\kybrdff_16.exe
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\WinNB58.dll
C:\WINDOWS\justin.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\wallpap.exe
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
C:\Program Files\batty2
C:\Program Files\winupdates
C:\Program Files\cmfibula
C:\Program Files\Deskbar
C:\Program Files\PSLister
C:\WINDOWS\system32\crunner
C:\Program Files\Common Files\{8808DDD3-0AE9-1033-0423-030303240001}


((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))


2006-09-06 21:28 45,056 --a------ C:\WINDOWS\cfg32s.dll
2006-09-06 21:28 397,312 --a------ C:\WINDOWS\cfg32p.dll
2006-09-06 21:28 110,592 --a------ C:\WINDOWS\cfg32o.dll
2006-09-06 21:28 102,400 --a------ C:\WINDOWS\cfg32r.dll
2006-09-05 20:24 163,840 --a------ C:\WINDOWS\win32074845-201268.exe
2006-09-05 19:29 233,985 -r--s---- C:\WINDOWS\system32\irp4l57q1.dll
2006-09-05 19:18 236,079 -r--s---- C:\WINDOWS\system32\khdhe220.dll
2006-09-04 20:15 236,079 -r--s---- C:\WINDOWS\system32\l4p20e7oeh.dll
2006-09-02 23:00 236,079 -r--s---- C:\WINDOWS\system32\LUJ2K13n.dll
2006-09-02 22:49 236,079 -r--s---- C:\WINDOWS\system32\vzajet32.dll
2006-09-02 22:49 236,079 -r--s---- C:\WINDOWS\system32\ktj0l71m1.dll
2006-09-02 22:36 236,079 -r--s---- C:\WINDOWS\system32\s4rsle971h.dll
2006-09-02 01:02 159,744 --a------ C:\WINDOWS\ms074845-201268.exe
2006-09-02 01:01 234,142 -r--s---- C:\WINDOWS\system32\r88slil718q.dll
2006-09-01 23:21 24,296 --a------ C:\WINDOWS\icont.exe
2006-09-01 23:06 236,079 -r--s---- C:\WINDOWS\system32\mqexch40.dll
2006-09-01 14:11 159,744 --a------ C:\WINDOWS\sys012012684845-.exe
2006-09-01 12:27 235,364 -r--s---- C:\WINDOWS\system32\i2060cdsef060.dll
2006-09-01 12:27 234,762 -r--s---- C:\WINDOWS\system32\udtfs.dll
2006-09-01 03:30 32,768 --a------ C:\WINDOWS\unstall.exe
2006-09-01 03:30 126,976 --a------ C:\WINDOWS\system32\ieserv.exe
2006-09-01 03:29 991,232 --a------ C:\WINDOWS\system32\rk.exe
2006-09-01 03:29 928 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-01 03:29 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-09-01 03:29 2,560 --a------ C:\WINDOWS\ac3_0002.exe
2006-09-01 03:29 139,264 --a------ C:\WINDOWS\MirarSetup_876075.exe
2006-09-01 03:29 115,160 --a------ C:\WINDOWS\Eim03.exe
2006-09-01 03:28 61,952 --a------ C:\WINDOWS\system32\uuzdbf47.dll
2006-09-01 03:28 186,223 --a------ C:\WINDOWS\srvqatxmpl.exe
2006-09-01 03:28 1,233 --a------ C:\WINDOWS\system32\uuzdbf47.sys
2006-09-01 03:27 215,308 --a------ C:\WINDOWS\srvsrvoncf.exe
2006-09-01 03:27 192 --a------ C:\WINDOWS\system32\ggg.bat
2006-09-01 03:26 20,480 --a------ C:\WINDOWS\system32\dr.exe
2006-09-01 03:26 138,862 --a------ C:\WINDOWS\system32\install.exe
2006-09-01 03:25 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2006-08-30 12:05 80,384 --a------ C:\WINDOWS\system32\nsa19C5.dll
2006-08-21 18:41 159,744 --a------ C:\WINDOWS\tapeG22.exe
2006-08-21 16:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-14 20:52 78,848 --a------ C:\WINDOWS\system32\nsj19B2.dll
2006-08-07 11:17 61,440 --a------ C:\WINDOWS\system32\BattyRun2.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-06 21:37 -------- d-------- C:\Program Files\Common Files
2006-09-06 21:27 -------- d-------- C:\Program Files\SP2 Connection Patcher
2006-09-05 22:20 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-05 22:20 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-05 19:39 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-05 19:39 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-05 19:39 -------- d-------- C:\Documents and Settings\Nathan.****MASTERN\Application Data\AVG7
2006-09-05 19:38 -------- d-------- C:\Program Files\Grisoft
2006-09-05 19:18 -------- d-------- C:\Program Files\Common Files\rqkw
2006-09-04 21:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-04 21:01 -------- d-------- C:\Program Files\QuickTime
2006-09-02 01:04 124 --a------ C:\Documents and Settings\Nathan.****MASTERN\Application Data\iScrobbler.ini
2006-09-01 12:16 -------- d-------- C:\Program Files\ATI Technologies
2006-09-01 03:29 -------- d-------- C:\Program Files\Common Files\misc002
2006-09-01 03:27 -------- d-------- C:\Program Files\MSN
2006-09-01 03:27 -------- d-------- C:\Program Files\Messenger
2006-09-01 03:25 147456 --a--c--- C:\WINDOWS\system32\vbzip10.dll
2006-08-31 00:27 -------- d-------- C:\Documents and Settings\Nathan.****MASTERN\Application Data\Adobe
2006-08-09 05:01 -------- d-------- C:\Program Files\Internet Explorer
2006-07-31 23:37 -------- d-------- C:\Program Files\AIM
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-11 16:09 -------- d-------- C:\Program Files\World of Warcraft
2006-07-08 23:49 -------- d-------- C:\Program Files\Ventrilo
2006-07-08 23:48 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /run"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"IMONTRAY"="C:\\Program Files\\Intel\\Intel(R) Active Monitor\\imontray.exe"
"DeadAIM"="rundll32.exe \"C:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTHelper"="CTHELPER.EXE"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"win32074845-201268"="C:\\WINDOWS\\win32074845-201268.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"warez"="\"C:\\Program Files\\Warez P2P Client\\warez.exe\" -h"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RcMan.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Messenger\\kybe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\MSN\\hoxyma.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d0,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"NISUM"=dword:00000002
"navapsvc"=dword:00000002
"Adobe LM Service"=dword:00000003



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AEEB493F91B0F97B.job
C:\WINDOWS\tasks\B42DEAA483766088.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 09/06/2006 21:38:18.70
ComboFix.txt


HiJackThis:Logfile of HijackThis v1.99.0
Scan saved at 9:41:34 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\win32074845-201268.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\Duce6.exe
C:\Documents and Settings\Nathan.****MASTERN\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [win32074845-201268] C:\WINDOWS\win32074845-201268.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://shizmoo.com/activex/web665.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

and i will update my java now. thank you.

[sUBs]

Please reboot your machine & run combofix once more

[nateeeeeeeee]

Nathan - 06-09-06 21:53:56.32
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Nathan.****MASTERN\Desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\Duce6.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))


2006-09-06 21:28 45,056 --a------ C:\WINDOWS\cfg32s.dll
2006-09-06 21:28 397,312 --a------ C:\WINDOWS\cfg32p.dll
2006-09-06 21:28 110,592 --a------ C:\WINDOWS\cfg32o.dll
2006-09-06 21:28 102,400 --a------ C:\WINDOWS\cfg32r.dll
2006-09-05 20:24 163,840 --a------ C:\WINDOWS\win32074845-201268.exe
2006-09-05 19:29 233,985 -r--s---- C:\WINDOWS\system32\irp4l57q1.dll
2006-09-05 19:18 236,079 -r--s---- C:\WINDOWS\system32\khdhe220.dll
2006-09-04 20:15 236,079 -r--s---- C:\WINDOWS\system32\l4p20e7oeh.dll
2006-09-02 23:00 236,079 -r--s---- C:\WINDOWS\system32\LUJ2K13n.dll
2006-09-02 22:49 236,079 -r--s---- C:\WINDOWS\system32\ktj0l71m1.dll
2006-09-02 01:02 159,744 --a------ C:\WINDOWS\ms074845-201268.exe
2006-09-01 23:21 24,296 --a------ C:\WINDOWS\icont.exe
2006-09-01 14:11 159,744 --a------ C:\WINDOWS\sys012012684845-.exe
2006-09-01 03:30 32,768 --a------ C:\WINDOWS\unstall.exe
2006-09-01 03:30 126,976 --a------ C:\WINDOWS\system32\ieserv.exe
2006-09-01 03:29 991,232 --a------ C:\WINDOWS\system32\rk.exe
2006-09-01 03:29 928 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-01 03:29 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-09-01 03:29 2,560 --a------ C:\WINDOWS\ac3_0002.exe
2006-09-01 03:29 139,264 --a------ C:\WINDOWS\MirarSetup_876075.exe
2006-09-01 03:29 115,160 --a------ C:\WINDOWS\Eim03.exe
2006-09-01 03:28 61,952 --a------ C:\WINDOWS\system32\uuzdbf47.dll
2006-09-01 03:28 186,223 --a------ C:\WINDOWS\srvqatxmpl.exe
2006-09-01 03:28 1,233 --a------ C:\WINDOWS\system32\uuzdbf47.sys
2006-09-01 03:27 215,308 --a------ C:\WINDOWS\srvsrvoncf.exe
2006-09-01 03:27 192 --a------ C:\WINDOWS\system32\ggg.bat
2006-09-01 03:26 20,480 --a------ C:\WINDOWS\system32\dr.exe
2006-09-01 03:26 138,862 --a------ C:\WINDOWS\system32\install.exe
2006-09-01 03:25 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2006-08-30 12:05 80,384 --a------ C:\WINDOWS\system32\nsa19C5.dll
2006-08-21 18:41 159,744 --a------ C:\WINDOWS\tapeG22.exe
2006-08-21 16:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-14 20:52 78,848 --a------ C:\WINDOWS\system32\nsj19B2.dll
2006-08-07 11:17 61,440 --a------ C:\WINDOWS\system32\BattyRun2.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-06 21:53 124 --a------ C:\Documents and Settings\Nathan.****MASTERN\Application Data\iScrobbler.ini
2006-09-06 21:51 -------- d-------- C:\Program Files\Java
2006-09-06 21:47 -------- d-------- C:\Program Files\Common Files
2006-09-06 21:27 -------- d-------- C:\Program Files\SP2 Connection Patcher
2006-09-05 22:20 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-05 22:20 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-05 19:39 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-05 19:39 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-05 19:39 -------- d-------- C:\Documents and Settings\Nathan.****MASTERN\Application Data\AVG7
2006-09-05 19:38 -------- d-------- C:\Program Files\Grisoft
2006-09-05 19:18 -------- d-------- C:\Program Files\Common Files\rqkw
2006-09-04 21:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-04 21:01 -------- d-------- C:\Program Files\QuickTime
2006-09-01 12:16 -------- d-------- C:\Program Files\ATI Technologies
2006-09-01 03:29 -------- d-------- C:\Program Files\Common Files\misc002
2006-09-01 03:27 -------- d-------- C:\Program Files\MSN
2006-09-01 03:27 -------- d-------- C:\Program Files\Messenger
2006-09-01 03:25 147456 --a--c--- C:\WINDOWS\system32\vbzip10.dll
2006-08-31 00:27 -------- d-------- C:\Documents and Settings\Nathan.****MASTERN\Application Data\Adobe
2006-08-09 05:01 -------- d-------- C:\Program Files\Internet Explorer
2006-07-31 23:37 -------- d-------- C:\Program Files\AIM
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-11 16:09 -------- d-------- C:\Program Files\World of Warcraft
2006-07-08 23:49 -------- d-------- C:\Program Files\Ventrilo
2006-07-08 23:48 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /run"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"IMONTRAY"="C:\\Program Files\\Intel\\Intel(R) Active Monitor\\imontray.exe"
"DeadAIM"="rundll32.exe \"C:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTHelper"="CTHELPER.EXE"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"win32074845-201268"="C:\\WINDOWS\\win32074845-201268.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"warez"="\"C:\\Program Files\\Warez P2P Client\\warez.exe\" -h"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RcMan.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Messenger\\kybe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\MSN\\hoxyma.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d0,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"NISUM"=dword:00000002
"navapsvc"=dword:00000002
"Adobe LM Service"=dword:00000003



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AEEB493F91B0F97B.job
C:\WINDOWS\tasks\B42DEAA483766088.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 09/06/2006 21:55:18.67
ComboFix.txt
ComboFix2.txt

[sUBs]

Download & launch KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)





Select the following option - delete on Reboot
Use your mouse to select all the filenames listed below & then right-click & select Copy

• C:\WINDOWS\tasks\AEEB493F91B0F97B.job
  C:\WINDOWS\tasks\B42DEAA483766088.job
  C:\WINDOWS\cfg32s.dll
  C:\WINDOWS\cfg32p.dll
  C:\WINDOWS\cfg32o.dll
  C:\WINDOWS\cfg32r.dll
  C:\WINDOWS\win32074845-201268.exe
  C:\WINDOWS\system32\irp4l57q1.dll
  C:\WINDOWS\system32\khdhe220.dll
  C:\WINDOWS\system32\l4p20e7oeh.dll
  C:\WINDOWS\system32\LUJ2K13n.dll
  C:\WINDOWS\system32\ktj0l71m1.dll
  C:\WINDOWS\ms074845-201268.exe
  C:\WINDOWS\icont.exe
  C:\WINDOWS\sys012012684845-.exe
  C:\WINDOWS\unstall.exe
  C:\WINDOWS\system32\ieserv.exe
  C:\WINDOWS\system32\rk.exe
  C:\WINDOWS\system32\winpfg32.sys
  C:\WINDOWS\Setup90.exe
  C:\WINDOWS\ac3_0002.exe
  C:\WINDOWS\MirarSetup_876075.exe
  C:\WINDOWS\Eim03.exe
  C:\WINDOWS\system32\uuzdbf47.dll
  C:\WINDOWS\srvqatxmpl.exe
  C:\WINDOWS\system32\uuzdbf47.sys
  C:\WINDOWS\srvsrvoncf.exe
  C:\WINDOWS\system32\ggg.bat
  C:\WINDOWS\system32\dr.exe
  C:\WINDOWS\system32\install.exe
  C:\WINDOWS\system32\setup9x.exe
  C:\WINDOWS\system32\nsa19C5.dll
  C:\WINDOWS\tapeG22.exe
  C:\WINDOWS\uni_ehhhh.exe
  C:\WINDOWS\system32\nsj19B2.dll
  C:\WINDOWS\system32\BattyRun2.dll
  C:\Program Files\Messenger\kybe.html
  C:\Program Files\MSN\hoxyma.html
  
  
  
  
  
  

1. Launch Killbox by double clicking Killbox.exe

2. Go to the File menu, and select 'Paste from Clipboard'

3. If done corrrectly, you should see filepaths appearing in the box:- 'Full Path of file to delete'





4. Click the arrow to the right of the box, to review the filepaths.
Do not be alarmed if some of the files do not appear. This only means that they no longer exist.

5. Click the RED X button.

6. Select the option - delete on Reboot




7. Click Yes at the 'Delete on Reboot' prompt.
8. Click Yes at the 'Delete Next Reboot'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


========


After rebooting, do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O4 - HKLM\..\Run: [win32074845-201268] C:\WINDOWS\win32074845-201268.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe


========


Next go to Control Panel click Display>Desktop>Customize Desktop>Website
Under the 'Web pages' box, delete everything present.


* * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at:
http://www.pandasoftware.com/products/activescan.htm

1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on see report. Then click Save report

Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * *


In your next post, please include fresh copies of:

• HiJackThis log
• Online scan
• Combofix log

[nateeeeeeeee]

Can i get more in depth information on pocket killbox. I don't understand how to get those files on the list.

[sUBs]

Edited post #8 ..please refer to that

[nateeeeeeeee]

the files won't show up on the list.

[nateeeeeeeee]

im opening windows explorer.. going to the directory... right clicking the files...hiting copy... then on killbox hitting paste from clipboard. and nothing happens.

[sUBs]

Which list are you copying from?

This is the list that you're supposed to copy ...

Drag your mouse over the filepaths listed in blue & press [ctrl]+[c] to copy

C:\WINDOWS\tasks\AEEB493F91B0F97B.job
C:\WINDOWS\tasks\B42DEAA483766088.job
C:\WINDOWS\cfg32s.dll
C:\WINDOWS\cfg32p.dll
C:\WINDOWS\cfg32o.dll
C:\WINDOWS\cfg32r.dll
C:\WINDOWS\win32074845-201268.exe
C:\WINDOWS\system32\irp4l57q1.dll
C:\WINDOWS\system32\khdhe220.dll
C:\WINDOWS\system32\l4p20e7oeh.dll
C:\WINDOWS\system32\LUJ2K13n.dll
C:\WINDOWS\system32\ktj0l71m1.dll
C:\WINDOWS\ms074845-201268.exe
C:\WINDOWS\icont.exe
C:\WINDOWS\sys012012684845-.exe
C:\WINDOWS\unstall.exe
C:\WINDOWS\system32\ieserv.exe
C:\WINDOWS\system32\rk.exe
C:\WINDOWS\system32\winpfg32.sys
C:\WINDOWS\Setup90.exe
C:\WINDOWS\ac3_0002.exe
C:\WINDOWS\MirarSetup_876075.exe
C:\WINDOWS\Eim03.exe
C:\WINDOWS\system32\uuzdbf47.dll
C:\WINDOWS\srvqatxmpl.exe
C:\WINDOWS\system32\uuzdbf47.sys
C:\WINDOWS\srvsrvoncf.exe
C:\WINDOWS\system32\ggg.bat
C:\WINDOWS\system32\dr.exe
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\setup9x.exe
C:\WINDOWS\system32\nsa19C5.dll
C:\WINDOWS\tapeG22.exe
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\system32\nsj19B2.dll
C:\WINDOWS\system32\BattyRun2.dll
C:\Program Files\Messenger\kybe.html
C:\Program Files\MSN\hoxyma.html

[nateeeeeeeee]

thats the list... how exactly do you select the files. just by using windows explorer?

[sUBs]

Nothing to do with internet explorer. Just copy the list from this webpage

[nateeeeeeeee]

OHHH. ok i understand. i thought i had to locate every individual file. thanks. gotchya.

[nateeeeeeeee]

the online scan log was amazingly long. no way you have time to read it. but i did attatch it since it was too long to put into the post.



Hijackthis:
Logfile of HijackThis v1.99.0
Scan saved at 11:59:22 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Nathan.****MASTERN\My Documents\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://shizmoo.com/activex/web665.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



ComboFix Log:
Nathan - 06-09-07 0:02:16.56
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Nathan.****MASTERN\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-07 to 2006-09-07 ))))))))))))))))))))))))))))))))))


2006-09-06 22:40 32,768 --a------ C:\WINDOWS\wcnzbqom.exe
2006-09-06 22:28 32,768 --a------ C:\WINDOWS\lcwttftr.exe
2006-09-06 22:16 32,768 --a------ C:\WINDOWS\tiyrxqzl.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-06 23:32 -------- d-------- C:\Program Files\QuickTime
2006-09-06 23:29 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-06 23:29 -------- d-------- C:\Program Files\MSN Messenger
2006-09-06 23:29 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-06 23:28 -------- d-------- C:\Program Files\Messenger
2006-09-06 23:26 -------- d-------- C:\Program Files\Internet Explorer
2006-09-06 23:22 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-06 23:20 -------- d-------- C:\Program Files\AIM
2006-09-06 22:47 -------- d-------- C:\Program Files\Common Files
2006-09-06 22:46 -------- d-------- C:\Program Files\MSN
2006-09-06 22:45 124 --a------ C:\Documents and Settings\Nathan.****MASTERN\Application Data\iScrobbler.ini
2006-09-06 21:51 -------- d-------- C:\Program Files\Java
2006-09-06 21:27 -------- d-------- C:\Program Files\SP2 Connection Patcher
2006-09-05 22:20 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-05 22:20 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-05 19:39 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-05 19:39 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-05 19:39 -------- d-------- C:\Documents and Settings\Nathan.****MASTERN\Application Data\AVG7
2006-09-05 19:38 -------- d-------- C:\Program Files\Grisoft
2006-09-05 19:18 -------- d-------- C:\Program Files\Common Files\rqkw
2006-09-04 21:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-01 12:16 -------- d-------- C:\Program Files\ATI Technologies
2006-09-01 03:29 -------- d-------- C:\Program Files\Common Files\misc002
2006-09-01 03:25 147456 --a--c--- C:\WINDOWS\system32\vbzip10.dll
2006-08-31 00:27 -------- d-------- C:\Documents and Settings\Nathan.****MASTERN\Application Data\Adobe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-11 16:09 -------- d-------- C:\Program Files\World of Warcraft
2006-07-08 23:49 -------- d-------- C:\Program Files\Ventrilo
2006-07-08 23:48 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /run"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"IMONTRAY"="C:\\Program Files\\Intel\\Intel(R) Active Monitor\\imontray.exe"
"DeadAIM"="rundll32.exe \"C:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTHelper"="CTHELPER.EXE"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"warez"="\"C:\\Program Files\\Warez P2P Client\\warez.exe\" -h"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RcMan.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"NISUM"=dword:00000002
"navapsvc"=dword:00000002
"Adobe LM Service"=dword:00000003



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AEEB493F91B0F97B.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Thu 09/07/2006 0:04:20.56
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

[sUBs]

Quote:

the online scan log was amazingly long. no way you have time to read it.

Contrarary to assumption, I DO read it. :)

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

• Tick - 'Show hidden files and folder'
• Untick - 'Hide file extensions for known types'
• Untick - 'Hide protected operating system files'
• Click Yes to confirm & then click OK

Locate and delete the following files/folders: (make sure you get ALL of them)

• C:\WINDOWS\wcnzbqom.exe
  C:\WINDOWS\lcwttftr.exe
  C:\WINDOWS\tiyrxqzl.exe
  C:\WINDOWS\tasks\AEEB493F91B0F97B.job
  C:\WINDOWS\TmF0aGFuIEJyYW5zY29tZQ\
  c:\program files\Winad Client
  c:\windows\system32\rlls.dll

Delete the contents of this folder, leaving it empty:

• C:\Documents and Settings\Nathan.****MASTERN\Shared\

* * * * * *


Then do another online scan but using a different scanner - http://www.bitdefender.com/scan8/ie.html
I would require the log produced by the online scan & a fresh combofix log.

[nateeeeeeeee]

C:\WINDOWS\tasks\AEEB493F91B0F97B.job

i couldn't find this file.

and for C:\Documents and Settings\Nathan.****MASTERN\Shared\

thats all my mp3s. i have like 4500. i cant delete it. although i found ah idden folder filled with weird files. so i did delete that.

ill post logs shortly

[sUBs]

Quote:

and for C:\Documents and Settings\Nathan.****MASTERN\Shared\

thats all my mp3s. i have like 4500. i cant delete it. although i found ah idden folder filled with weird files. so i did delete that.

Was it this folder that you deleted - C:\Documents and Settings\Nathan.****MASTERN\Shared\_\

Quote:

C:\WINDOWS\tasks\AEEB493F91B0F97B.job

i couldn't find this file.

Try this... goto the directory - C:\WINDOWS\tasks
Click on the 'Advanced' menu (located above) & select 'View Hidden Tasks'

You should be able to see it then