For the past couple of weeks I have been having a lot of problems. So I downloaded and scanned Spybot every day for about a week. Things seemed to be okay at first after doing this, but then the troubles I had before getting Spybot multiplied. So I got AVG and ran a scan, and that's when all kinds of things went wrong. The virus found window would pop up constantly, my computer would randomly make awful noises, freeze up all the time, many of my programs went haywire and the internet ran very poorly if at all. So I found this site and did all the things listed in the read first procedures. The scans I did on Spybot and Ad Aware turned up a lot of things and I got rid of them, and my last virus scan with AVG turned up clean now all of a sudden. Lastly, I have done the HijackThis scan, and so here is the log so that I can receive any additional help.
Logfile of HijackThis v1.99.1
Scan saved at 1:22:54 AM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Batty2\Batty2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\S4F\Filter7.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\kwinmpes.exe
C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe
C:\Program Files\PSDream\PSDream.exe
c:\windows\system32\dwdsregt.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
c:\windows\system32\rlvknlg.exe
C:\Program Files\Netscape Internet Service\NSClient.exe
C:\Program Files\Netscape Internet Service\_NSWatchman.exe
C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://danung.com/mouflon/forum/inde...eae40c13999b5f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R3 - URLSearchHook: (no name) - {593B988E-2463-5C99-4916-2EC79C77B1BF} - C:\WINDOWS\system32\ncronawc.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wjqjf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,iexnply.exe
O2 - BHO: (no name) - {593B988E-2463-5C99-4916-2EC79C77B1BF} - C:\WINDOWS\system32\ncronawc.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [S4F] "C:\Program Files\S4F\Filter7.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Netscape] "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [dgm28199] RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kwinmpes.exe GEN001
O4 - HKLM\..\Run: [{1A-A6-65-55-ZN}] c:\windows\system32\dwdsregt.exe GEN001
O4 - HKCU\..\Run: [Snte] "C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Lvekta] "C:\Program Files\M?crosoft\t?skmgr.exe"
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\oldsrego.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\kwinmpes.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: Copy of America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: msconfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158082160859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158082112562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/z...ploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE57BB9C-8578-40F3-814A-223586FD6497}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\j6j6lg1s16.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Thank you in advance to anyone who helps guide me through this.
*Bump*
Remove the following programs in 'Add/Remove Programs' (Control Panel), if found:
winupdates
SpywareBot (suspect history and unknown effectiveness issues)
winupdate
1. Download combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply (logfile is located at C:\ComboFix.txt).
Note:
Do not mouse click combofix's window whilst it's running. That may cause it to stall.
Please provide:
- a fresh HijackThis log
- combofix log
I got rid of the Spybot, but as far as the winupdates, did you mean for me to get rid of all of the windows updates on the list? Also, when trying to run the combofix this window would show up, even if I don't click on it while it is running.
Here is the new hijackthis log....
Logfile of HijackThis v1.99.1
Scan saved at 10:47:43 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Batty2\Batty2.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe
C:\Program Files\PSDream\PSDream.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {454EF08E-4B30-33C1-48F6-10D4BDC5ABB8} - C:\WINDOWS\system32\szhzass.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wjqjf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,iexnply.exe
O2 - BHO: (no name) - {454EF08E-4B30-33C1-48F6-10D4BDC5ABB8} - C:\WINDOWS\system32\szhzass.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [S4F] "C:\Program Files\S4F\Filter7.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Netscape] "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [dgm28199] RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Snte] "C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Lvekta] "C:\Program Files\M?crosoft\t?skmgr.exe"
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\oldsrego.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: Copy of America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: msconfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158082160859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158082112562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/z...ploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\j6j6lg1s16.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"I got rid of the Spybot"
We're looking to get rid of 'SpywareBot', not 'SpyBot'.
"but as far as the winupdates did you mean for me to get rid of all of the windows updates on the list?"
No - good you asked.
Let us see what is loaded on your PC:
- Run HijackThis and Click ‘Open the Misc Tools section’ button.
- Then click the ‘Open Uninstall Manager…’ button.
- Click the ‘Save list…’ button. Save uninstall_list to your desktop.
- Open the Uninstall list file and post in your next reply please.
"Also, when trying to run the combofix this window would show up, even if I don't click on it while it is running."
Try running the combofix in SAFE MODE (tap the F8 key after the beep while rebooting).
Combofix log
Ashley - 06-10-25 0:43:46.67 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Ashley\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{5ECDCA91-1D62-412B-BFDD-8263364F9FD8}]
@=""
[HKEY_CLASSES_ROOT\clsid\{5ECDCA91-1D62-412B-BFDD-8263364F9FD8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{5ECDCA91-1D62-412B-BFDD-8263364F9FD8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{5ECDCA91-1D62-412B-BFDD-8263364F9FD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\obbccp32.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *
O4 - HKCU\...\Run C:\WINDOWS\system32\haaffg.exe
O4 - HKLM\...\Run C:\WINDOWS\system32\haaffg.exe
F2 -REG:system.ini: Shell C:\WINDOWS\system32\wjqjf.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\iexnply.exe
* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *
C:\WINDOWS\system32\haaffg.exe
C:\WINDOWS\system32\nhafvok.dll
C:\WINDOWS\system32\iexnply.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\yhmgl.exe
C:\WINDOWS\fuglv.dll
C:\WINDOWS\system32\mwoiq.dat
C:\WINDOWS\system32\wjqjf.exe
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
06-10-21 11:14 127488 yhmgl.exe.qoo
06-10-25 00:41 127488 mwoiq.dat.qoo
06-10-21 11:14 127488 haaffg.exe.qoo
06-10-21 11:14 51712 nhafvok.dll.qoo
06-10-21 11:14 28672 wjqjf.exe.qoo
06-10-21 11:14 23552 iexnply.exe.qoo
06-10-21 11:14 53 noewpn.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\cfg32.exe
C:\deskbar_e31.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
C:\xz.exe
C:\WINDOWS\offun.exe
C:\Program Files\cmfibula
C:\Program Files\winupdate
C:\Program Files\winupdates
C:\Program Files\Common Files\{3C71A655-0AEF-1033-0528-040204200001}
C:\Program Files\Common Files\{DC71A655-0AEF-1033-0528-040204200001}
C:\Program Files\batty2
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Ashley\Application Data\DOBE~1
C:\QooBox\Purity\Documents and Settings\Ashley\Application Data\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Ashley\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\bak
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\MANTEC~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\services.exe
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\services.exe1160542104
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\bak\services.exe
C:\QooBox\Purity\Program Files\ICROSO~1
C:\QooBox\Purity\Program Files\MCROSO~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\SMANTE~1
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\STEM~1
((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))
2006-10-24 07:03 126,976 --a------ C:\WINDOWS\system32\szhzass.dll
2006-10-24 02:53 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-10-24 02:45 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-10-24 02:45 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-10-24 02:45 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-10-24 02:39 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2006-10-24 02:39 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2006-10-22 00:22 4,928 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-22 00:22 343,168 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-22 00:22 18,944 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-21 23:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-10-21 18:32 244 --a------ C:\ituninst.bat
2006-10-21 11:26 920 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-10-21 11:23 1,259 --a------ C:\WINDOWS\system32\dgm28199.sys
2006-10-21 11:18 2,560 --a------ C:\ac3_0003.exe
2006-10-21 11:17 45,056 --a------ C:\WINDOWS\rjemcqd.exe
2006-10-21 11:17 183,478 --a------ C:\WINDOWS\srvhtrcbur.exe
2006-10-21 11:14 555 --a------ C:\WINDOWS\fuglv.dll
2006-10-21 11:14 349,696 --a------ C:\921_135b.exe
2006-10-20 16:28 45,056 --a------ C:\w77uxb8v9.exe
2006-10-16 21:20 192 --a------ C:\Documents and Settings\Ashley\ggg.bat
2006-10-16 21:19 20,480 --a------ C:\Documents and Settings\Ashley\setup9X.exe
2006-10-16 19:20 192 --a------ C:\WINDOWS\system32\ggg.bat
2006-10-16 19:19 20,480 --a------ C:\WINDOWS\system32\setup9X.exe
2006-10-08 01:58 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-10-08 01:58 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-10-08 00:59 0 --a------ C:\WINDOWS\b.exe
2006-10-07 00:45 796,672 --a------ C:\WINDOWS\GPInstall.exe
2006-09-28 13:53 40,960 -ra------ C:\WINDOWS\system32\wh2robo.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-25 00:45 -------- d-------- C:\Program Files\Common Files
2006-10-25 00:35 -------- d-------- C:\Program Files\HijackThis
2006-10-25 00:10 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-24 23:12 -------- d-------- C:\Program Files\Diablo II
2006-10-24 22:39 -------- d-------- C:\Documents and Settings\Ashley\Application Data\AVG7
2006-10-24 07:03 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2006-10-24 04:10 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Aim
2006-10-23 11:23 -------- d-------- C:\Program Files\ComcastToolbar
2006-10-23 11:12 -------- d-------- C:\Program Files\support.com
2006-10-23 11:12 -------- d-------- C:\Program Files\Common Files\Scanner
2006-10-23 00:40 -------- d-------- C:\Program Files\Common Files\kuui
2006-10-22 23:59 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-22 20:30 -------- d-------- C:\Program Files\Lavasoft
2006-10-22 20:30 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Lavasoft
2006-10-22 00:22 -------- d-------- C:\Program Files\Grisoft
2006-10-21 19:08 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-21 18:40 -------- d-------- C:\Program Files\BFG
2006-10-21 18:32 -------- d-------- C:\Program Files\PCFriendly
2006-10-21 14:22 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Registry Cleaner
2006-10-21 11:20 32208 ---hs---- C:\Program Files\Common Files\Y1324OU.exe
2006-10-21 11:17 -------- d-------- C:\Program Files\PSDream
2006-10-13 19:45 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Mozilla
2006-10-11 00:48 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-11 00:48 -------- d-------- C:\Program Files\SpyBlocker Software
2006-10-11 00:48 -------- d-------- C:\Program Files\S4F
2006-10-11 00:48 -------- d-------- C:\Program Files\Lexmark X5100 Series
2006-10-11 00:48 -------- d-------- C:\Program Files\iTunes
2006-10-11 00:48 -------- d-------- C:\Program Files\Common Files\ISPCOMP
2006-10-08 19:52 -------- d-------- C:\Program Files\Zuma Deluxe
2006-10-08 18:27 -------- d-------- C:\Program Files\Oberon Media
2006-10-05 15:34 1429504 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-09-28 13:55 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Watchtower
2006-09-28 13:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-28 13:53 -------- d-------- C:\Program Files\Watchtower
2006-09-28 05:03 -------- d-------- C:\Program Files\Netscape Internet Service
2006-09-27 23:45 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-27 23:45 -------- d-------- C:\Documents and Settings\Ashley\Application Data\AOL
2006-09-27 23:42 -------- d-------- C:\Program Files\QuickTime
2006-09-27 23:42 -------- d-------- C:\Program Files\iPod
2006-09-27 23:42 -------- d-------- C:\Program Files\Freeze.com
2006-09-27 23:41 -------- d-------- C:\Program Files\Creative
2006-09-25 23:15 -------- d-------- C:\Program Files\Netscape
2006-09-22 22:33 245760 --a------ C:\WINDOWS\system32\rlxf.dll
2006-09-22 15:58 315392 --a------ C:\WINDOWS\system32\rlls.dll
2006-09-22 10:38 53248 --a------ C:\WINDOWS\109uninst.exe
2006-09-22 10:36 53248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-21 02:47 729088 --a------ C:\WINDOWS\system32\LDPackage.dll
2006-09-19 22:52 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
2006-09-12 13:36 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-07 11:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Snte"="\"C:\\DOCUME~1\\Ashley\\MYDOCU~1\\MANTEC~1\\services.exe\" -vt ndrv"
"Lvekta"="\"C:\\Program Files\\M?crosoft\\t?skmgr.exe\""
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""
"Felix II"="C:\\Program Files\\ScreenMates\\Felix II\\Felix2.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\\\vptray.exe "
"S4F"="\"C:\\Program Files\\S4F\\Filter7.exe\""
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"Lexmark X5100 Series"="\"C:\\Program Files\\Lexmark X5100 Series\\lxbabmgr.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"NetscapeClient"=""
"Netscape"="\"C:\\Program Files\\Common Files\\ISPCOMP\\InstallService.exe\""
"SpyBlocker"="C:\\Program Files\\SpyBlocker Software\\spyblocker.exe"
"spywarebot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"dgm28199"="RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.exe"
"AVG7_RegCleaner"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgregcl.exe /BOOT"
"tgcmd"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Compaq]
"SetRefresh"="C:\\Program Files\\Compaq\\SetRefresh\\SetRefresh.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3b,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,50,00,00,00,00,00,00,00,d0,02,00,00,39,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,50,00,00,00,00,00,00,00,d0,02,00,00,39,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw. exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runon ce]
"RunNarrator"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"Creative WebCam Tray"="\"C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RealTray"="\"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe\" SYSTEMBOOTHIDEPLAYER"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-25 0:51:31.26
C:\ComboFix.txt ... 06-10-25 00:51
Uninstall file
ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Acrobat 5.0
Agere Systems PCI Soft Modem
AOL Instant Messenger
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ArcSoft PhotoImpression 5
AVG Anti-Virus 7.0
Business Contact Manager for Outlook 2003
Comcast High-Speed Internet Install Wizard
Comcast Toolbar
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
Desktop Doctor
Diablo II
FilterPak for Windows
Get Yahoo! Messenger
G-Force
HijackThis 1.99.1
Intel(R) Extreme Graphics Driver
iTunes
iVocalize Web Conference 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Learn2 Player (Uninstall Only)
Lexmark X5100 Series
LiveUpdate 2.0 (Symantec Corporation)
Living 3D Dolphins Screen Saver
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5)
MSN Messenger 7.5
MSN Music Assistant
Netscape Internet Service
Pure Networks Port Magic
RealPlayer Basic
RelevantKnowledge
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SoundMAX
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Update for Windows XP (KB898461)
Viewpoint Media Player
Watchtower Library 2005 - English Edition
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Yahoo! Messenger
Yazzle by OIN
Zuma Deluxe RA
Fresh hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 1:10:59 AM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Cpqs\Scom\srmclean.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
c:\windows\system32\rlvknlg.exe
C:\Program Files\PSCastor\PSCastor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {454EF08E-4B30-33C1-48F6-10D4BDC5ABB8} - C:\WINDOWS\system32\szhzass.dll
O2 - BHO: (no name) - {454EF08E-4B30-33C1-48F6-10D4BDC5ABB8} - C:\WINDOWS\system32\szhzass.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [S4F] "C:\Program Files\S4F\Filter7.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Netscape] "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [dgm28199] RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Snte] "C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Lvekta] "C:\Program Files\M?crosoft\t?skmgr.exe"
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\oldsrego.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: Copy of America Online 9.0 Tray Icon.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158082160859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158082112562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/z...ploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Also, my computer doesn't seem to want to restart. The shutting down windows screen will stay on forever but never shut down. Any way to remedy that?
Last edited by GeminiKitty; 25-10-2006 at 07:47 AM.
Please disable the ‘active protection’ components of the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.
Disable Spybot Search & Destroy (Teatimer)
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
R3 - URLSearchHook: (no name) - {454EF08E-4B30-33C1-48F6-10D4BDC5ABB8} - C:\WINDOWS\system32\szhzass.dll
O2 - BHO: (no name) - {454EF08E-4B30-33C1-48F6-10D4BDC5ABB8} - C:\WINDOWS\system32\szhzass.dll
O4 - HKCU\..\Run: [PSDREAM] "C:\Program Files\PSDream\PSDream.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\oldsrego.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/z...ploader_v5.cab
O20 - AppInit_DLLs: BattyRun2.dll
Make sure that all browser windows and internet links are closed, even this one!
CLICK 'FIX CHECKED' with HijackThis.
HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here
SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FILES:
C:\WINDOWS\system32\szhzass.dll
C:\Program Files\PSDream <--FOLDER
C:\WINDOWS\system32\oldsrego.exe
c:\windows\system32\rlls.dll
BattyRun2.dll
c:\windows\system32\rlvknlg.exe
NOTE: Do not delete any items in the Recycle Bin until you are clean.
REBOOT.
Re-run Combofix in NORMAL MODE and post the log it creates.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
Cannot delete rlls: access is denied
Make sure the disk is not full or write-protected and that the file is not currently in use
Also, every time I restart I get this window...
RUNDLL
Error loading w02e94fc.dll
The specified module could not be found
New combofix...
Ashley - 06-10-26 23:06:05.03 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Ashley\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Ashley\Application Data\DOBE~1
C:\QooBox\Purity\Documents and Settings\Ashley\Application Data\MBOLS~1
C:\QooBox\Purity\Documents and Settings\Ashley\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\bak
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\MANTEC~1
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\services.exe
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\services.exe1160542104
C:\QooBox\Purity\Documents and Settings\Ashley\My Documents\MANTEC~1\bak\services.exe
C:\QooBox\Purity\Program Files\ICROSO~1
C:\QooBox\Purity\Program Files\MCROSO~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\SMANTE~1
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\STEM~1
((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))
2006-10-24 02:53 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-10-24 02:45 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-10-24 02:45 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-10-24 02:45 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-10-24 02:39 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2006-10-24 02:39 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2006-10-22 00:22 4,928 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-22 00:22 343,168 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-22 00:22 18,944 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-21 23:36 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-10-21 18:32 244 --a------ C:\ituninst.bat
2006-10-21 11:26 920 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-10-21 11:23 1,259 --a------ C:\WINDOWS\system32\dgm28199.sys
2006-10-21 11:18 2,560 --a------ C:\ac3_0003.exe
2006-10-21 11:17 45,056 --a------ C:\WINDOWS\rjemcqd.exe
2006-10-21 11:17 183,478 --a------ C:\WINDOWS\srvhtrcbur.exe
2006-10-21 11:14 555 --a------ C:\WINDOWS\fuglv.dll
2006-10-21 11:14 349,696 --a------ C:\921_135b.exe
2006-10-20 16:28 45,056 --a------ C:\w77uxb8v9.exe
2006-10-16 21:20 192 --a------ C:\Documents and Settings\Ashley\ggg.bat
2006-10-16 21:19 20,480 --a------ C:\Documents and Settings\Ashley\setup9X.exe
2006-10-16 19:20 192 --a------ C:\WINDOWS\system32\ggg.bat
2006-10-16 19:19 20,480 --a------ C:\WINDOWS\system32\setup9X.exe
2006-10-08 01:58 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-10-08 01:58 101,888 --a------ C:\WINDOWS\system32\vb6stkit.dll
2006-10-08 00:59 0 --a------ C:\WINDOWS\b.exe
2006-10-07 00:45 796,672 --a------ C:\WINDOWS\GPInstall.exe
2006-09-28 13:53 40,960 -ra------ C:\WINDOWS\system32\wh2robo.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-26 23:04 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-26 23:04 -------- d-------- C:\Documents and Settings\Ashley\Application Data\AVG7
2006-10-26 22:36 -------- d-------- C:\Program Files\HijackThis
2006-10-26 14:47 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Aim
2006-10-25 03:35 -------- d-------- C:\Program Files\Diablo II
2006-10-25 03:02 -------- d-------- C:\Program Files\Internet Explorer
2006-10-25 02:45 -------- d-------- C:\Program Files\Windows Media Player
2006-10-25 02:40 -------- d-------- C:\Program Files\Outlook Express
2006-10-25 02:40 -------- d-------- C:\Program Files\Common Files\System
2006-10-25 01:03 -------- d-------- C:\Program Files\PSCastor
2006-10-25 00:45 -------- d-------- C:\Program Files\Common Files
2006-10-24 07:03 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2006-10-23 11:23 -------- d-------- C:\Program Files\ComcastToolbar
2006-10-23 11:12 -------- d-------- C:\Program Files\support.com
2006-10-23 11:12 -------- d-------- C:\Program Files\Common Files\Scanner
2006-10-23 00:40 -------- d-------- C:\Program Files\Common Files\kuui
2006-10-22 23:59 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-22 20:30 -------- d-------- C:\Program Files\Lavasoft
2006-10-22 20:30 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Lavasoft
2006-10-22 00:22 -------- d-------- C:\Program Files\Grisoft
2006-10-21 19:08 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-21 18:40 -------- d-------- C:\Program Files\BFG
2006-10-21 18:32 -------- d-------- C:\Program Files\PCFriendly
2006-10-21 14:22 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Registry Cleaner
2006-10-21 11:20 32208 ---hs---- C:\Program Files\Common Files\Y1324OU.exe
2006-10-13 19:45 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Mozilla
2006-10-11 00:48 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-11 00:48 -------- d-------- C:\Program Files\SpyBlocker Software
2006-10-11 00:48 -------- d-------- C:\Program Files\S4F
2006-10-11 00:48 -------- d-------- C:\Program Files\Lexmark X5100 Series
2006-10-11 00:48 -------- d-------- C:\Program Files\iTunes
2006-10-11 00:48 -------- d-------- C:\Program Files\Common Files\ISPCOMP
2006-10-08 19:52 -------- d-------- C:\Program Files\Zuma Deluxe
2006-10-08 18:27 -------- d-------- C:\Program Files\Oberon Media
2006-09-28 13:55 -------- d-------- C:\Documents and Settings\Ashley\Application Data\Watchtower
2006-09-28 13:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-28 13:53 -------- d-------- C:\Program Files\Watchtower
2006-09-28 05:03 -------- d-------- C:\Program Files\Netscape Internet Service
2006-09-27 23:45 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-27 23:45 -------- d-------- C:\Documents and Settings\Ashley\Application Data\AOL
2006-09-27 23:42 -------- d-------- C:\Program Files\QuickTime
2006-09-27 23:42 -------- d-------- C:\Program Files\iPod
2006-09-27 23:42 -------- d-------- C:\Program Files\Freeze.com
2006-09-27 23:41 -------- d-------- C:\Program Files\Creative
2006-09-25 23:15 -------- d-------- C:\Program Files\Netscape
2006-09-22 22:33 245760 --a------ C:\WINDOWS\system32\rlxf.dll
2006-09-22 15:58 315392 --a------ C:\WINDOWS\system32\rlls.dll
2006-09-22 10:38 53248 --a------ C:\WINDOWS\109uninst.exe
2006-09-22 10:36 53248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-21 02:47 729088 --a------ C:\WINDOWS\system32\LDPackage.dll
2006-09-19 22:52 53248 --a------ C:\WINDOWS\system32\silc_dll.dll
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 13:36 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Snte"="\"C:\\DOCUME~1\\Ashley\\MYDOCU~1\\MANTEC~1\\services.exe\" -vt ndrv"
"Lvekta"="\"C:\\Program Files\\M?crosoft\\t?skmgr.exe\""
"Felix II"="C:\\Program Files\\ScreenMates\\Felix II\\Felix2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\\\vptray.exe "
"S4F"="\"C:\\Program Files\\S4F\\Filter7.exe\""
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"Lexmark X5100 Series"="\"C:\\Program Files\\Lexmark X5100 Series\\lxbabmgr.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"NetscapeClient"=""
"Netscape"="\"C:\\Program Files\\Common Files\\ISPCOMP\\InstallService.exe\""
"SpyBlocker"="C:\\Program Files\\SpyBlocker Software\\spyblocker.exe"
"spywarebot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"dgm28199"="RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.exe"
"AVG7_RegCleaner"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgregcl.exe /BOOT"
"tgcmd"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Compaq]
"SetRefresh"="C:\\Program Files\\Compaq\\SetRefresh\\SetRefresh.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3b,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,50,00,00,00,00,00,00,00,d0,02,00,00,39,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,50,00,00,00,00,00,00,00,d0,02,00,00,39,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"Creative WebCam Tray"="\"C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"RealTray"="\"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe\" SYSTEMBOOTHIDEPLAYER"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-26 23:07:27.20
C:\ComboFix.txt ... 06-10-26 23:07
C:\ComboFix2.txt ... 06-10-25 00:51
New hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 11:12:42 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Cpqs\Scom\srmclean.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [S4F] "C:\Program Files\S4F\Filter7.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Netscape] "C:\Program Files\Common Files\ISPCOMP\InstallService.exe"
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [dgm28199] RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKCU\..\Run: [Snte] "C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe " -vt ndrv
O4 - HKCU\..\Run: [Lvekta] "C:\Program Files\M?crosoft\t?skmgr.exe"
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: Copy of America Online 9.0 Tray Icon.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1158082160859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158082112562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
One last thing...this window will pop up every couple of minutes. It stays up for a split second twice in a row and then goes away.
Download and install AVG Anti-Spyware 7.5 (formerly known as Ewido anti-spyware 4.0 - uninstall any previous version first).
- Click the Download BUTTON. On the next page click the Download now BUTTON.
- Save and then install (Run) from the save location.
- Open/Run ewido anti-spyware
- Wait a few moments and Ewido should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST updates
- Click on the Status ICON
- Under "Your computers Security", click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions and choose Quarantine
- When updating has finished, close Ewido.
We will be using this tool in a later step.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O4 - HKLM\..\Run: [DGM28199] RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc
O4 - HKCU\..\Run: [SNTE] "C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe " -vt ndrv
O4 - HKCU\..\Run: [LVEKTA] "C:\Program Files\M?crosoft\t?skmgr.exe"
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan:
- Click on the default Status ICON and select the Scan now LINK.
OR
- Click on the Scanner ICON . Select the Scan TAB.
- Select Complete System Scan. Ewido will now begin to scan your system.
- If Ewido finds anything it will list them in the Preview WINDOW:
- Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
- Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).
- When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
- Copy and paste the EWIDO scan results into your next post.
- Close Ewido.
Post your latest HijackThis log and let us know how your PC is now behaving.
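The three O4 entries selected under SELECT HijackThis FIX ITEMS share traits that can be checked mechanically. The script below is an added example, not part of the original posts and not the helper's stated reasoning: it parses O4 Run lines and flags them using three heuristics that are assumptions made here (a `?` cannot occur in a real Windows file name, so it stands for a character the log could not render; a system process name running outside `C:\WINDOWS`; rundll32 loading a path-less DLL whose name contains several digits).

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the O4 lines from the log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [dgm28199] RUNDLL32.EXE w02e94fc.dll,n 006281930000000302e94fc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Snte] "C:\DOCUME~1\Ashley\MYDOCU~1\MANTEC~1\services.exe " -vt ndrv
O4 - HKCU\..\Run: [Lvekta] "C:\Program Files\M?crosoft\t?skmgr.exe"
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Assumption: a short list of system process names that malware commonly borrows.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "taskmgr.exe"}

def split_command(cmd):
    """Split an O4 command line into (program path, argument string)."""
    m = re.match(r'"([^"]+)"\s*(.*)', cmd)  # quoted program path
    m = m or re.match(r'(.+?\.(?:exe|dll|com|bat))(?=\s|$)\s*(.*)', cmd, re.I)
    return (m.group(1).strip(), m.group(2).strip()) if m else (cmd.strip(), "")

def reasons(prog, args):
    """Return the heuristics (assumptions of this example) that the entry trips."""
    path, found = PureWindowsPath(prog), []
    if "?" in prog:
        found.append("unrenderable character in path")
    if (path.name.lower() in SYSTEM_NAMES and path.parent != PureWindowsPath(".")
            and not str(path.parent).lower().startswith(r"c:\windows")):
        found.append("system process name outside the Windows directory")
    if path.name.lower() == "rundll32.exe":
        dll = PureWindowsPath(args.split(",")[0])  # text before ",export"
        if dll.parent == PureWindowsPath(".") and sum(c.isdigit() for c in dll.stem) >= 3:
            found.append("rundll32 loading a path-less, random-looking DLL")
    return found

def triage(log_text):
    """Return {Run value name: [reasons]} for O4 entries that trip a heuristic."""
    flagged = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            why = reasons(*split_command(m.group(4)))
            if why:
                flagged[m.group(3)] = why
    return flagged

if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

A hit is a prompt for manual review of that entry, not a verdict on it.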