My hijackthis log, help?

  1. #1
    TreyDeuce (Newbie)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:26:28 PM, on 27/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\wxgbnwiq.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\~MC_Blaze~\My Documents\My ****\Setup Files\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1179391632046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184827587687
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5143BED9-6822-45AA-972A-3B9145F09784}: NameServer = 203.194.56.150 203.194.27.57
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7978 bytes


    That is my log. Lately I have been getting a lot of pop-ups and random files in my system32 folder. I don't know what to do. I have Spybot and run it frequently; I also have Ad-Aware and run it frequently too. I have Avast as my antivirus and ZoneAlarm 5 as a firewall, so I don't know how this stuff should be on my computer... ah well.

    Any help would be appreciated.

  2. #2
    Neal (Dedicated Member)
    Welcome,

    Please go to hijackthis.exe, right-click on it, click on Rename and rename it to foolyou.exe, press Enter, and post a new log from the newly renamed hijackthis.exe. Sometimes malware hides from hijackthis.exe.

    You may want to print out the following instructions:

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
      • Click on Scanner on the toolbar at top of this screen.
      • Click on the Settings tab.
        • Under How to act?
          • Click on Recommended Action and choose Quarantine from the popup menu.
        • Under How to scan?
          • All checkboxes should be ticked.
        • Under Possibly unwanted software:
          • All checkboxes should be ticked.
        • Under Reports:
          • Select Automatically generate report after every scan and uncheck Only if threats were found.
        • Under What to scan?
          • Select Scan every file.
      • Close AVG Anti-Spyware without running yet.
    Now disable (turn off) AVG Anti-Spyware:
    • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
    ______________________________

    Reboot your computer in Safe Mode. If you can't go to Safe Mode or run from Safe Mode, use NORMAL MODE.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Log in on your usual account.
    ______________________________


    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt button on the keyboard and tap the spacebar; a menu should pop up, then choose Maximize. The AVG Anti-Spyware screen should now fit the screen a lot better.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.


    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop. I will need you to post this in your next reply.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

  3. #3
    TreyDeuce (Newbie)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:22:58 AM, on 28/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\~MC_Blaze~\My Documents\My ****\Setup Files\foolyou.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\xxyyywx.dll
    O2 - BHO: (no name) - {8B45ECE2-11E6-47CB-B820-FA4DDCD98B87} - C:\WINDOWS\system32\jkkli.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\krdhthlc.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1179391632046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184827587687
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5143BED9-6822-45AA-972A-3B9145F09784}: NameServer = 203.194.56.150 203.194.27.57
    O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll
    O20 - Winlogon Notify: xxyyywx - C:\WINDOWS\SYSTEM32\xxyyywx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8656 bytes


    That's my new HijackThis log.
    And with your suggestion of downloading that Anti-Spyware program, I'm still running dial-up, so that 11 MB file is going to be a pain in the ass... any easier way to do it?

    Or will I just have to download it... though it may take a few hours.

  4. #4
    Neal (Dedicated Member)
    OK

    Go this route, we have to have these tools to get rid of the infection that is now showing in your log after renaming hijackthis.

    Thanks,

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.




    1. Download this file - COMBOFIX
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    Please also post a new hijackthis log, renamed.
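
Added example (not part of the thread, and not code from HijackThis or from any poster): a small Python comparison of the log taken with HiJackThis.exe in post #1 against the one taken after renaming it to foolyou.exe in post #3, using excerpts of both logs. The function names and the two review heuristics (unnamed BHOs, a DLL registered under both O2 and O20) are assumptions made for illustration.

```python
import re

# Excerpts of the two logs posted in this thread (post #1: HiJackThis.exe,
# post #3: the same tool renamed to foolyou.exe). Trimmed, not complete.
LOG_ORIGINAL = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\wxgbnwiq.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_RENAMED = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\xxyyywx.dll
O2 - BHO: (no name) - {8B45ECE2-11E6-47CB-B820-FA4DDCD98B87} - C:\WINDOWS\system32\jkkli.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll
O20 - Winlogon Notify: xxyyywx - C:\WINDOWS\SYSTEM32\xxyyywx.dll
"""

# A log entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (processes, entries); entries maps section code -> set of bodies."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False
            entries.setdefault(match.group(1), set()).add(match.group(2))
        elif in_processes and line:
            # Windows paths are case-insensitive (System32 vs system32).
            processes.add(line.lower())
    return processes, entries


def target(body):
    """Last ' - ' separated field: the file an O2/O20 entry points at."""
    return body.rsplit(" - ", 1)[-1].strip().lower()


def compare(original, renamed):
    """Summarise what differs between the two scans, for manual review."""
    p0, e0 = parse_log(original)
    p1, e1 = parse_log(renamed)
    codes = sorted(set(e0) | set(e1), key=lambda c: (c[0], int(c[1:])))
    empty = set()
    added = {c: sorted(e1.get(c, empty) - e0.get(c, empty)) for c in codes}
    removed = {c: sorted(e0.get(c, empty) - e1.get(c, empty)) for c in codes}
    bho = {target(b) for b in e1.get("O2", empty)}
    notify = {target(b) for b in e1.get("O20", empty)}
    return {
        # Whole sections the first scan did not report at all.
        "sections_only_in_renamed": [c for c in codes if c in e1 and c not in e0],
        "added": {c: v for c, v in added.items() if v},
        "removed": {c: v for c, v in removed.items() if v},
        "processes_gone": sorted(p0 - p1),
        # Assumed heuristics: entries a helper would look at first.
        "unnamed_bho": sorted(b for b in e1.get("O2", empty)
                              if b.startswith("BHO: (no name)")),
        "dll_in_O2_and_O20": sorted(bho & notify),
    }


if __name__ == "__main__":
    for key, value in compare(LOG_ORIGINAL, LOG_RENAMED).items():
        print(f"{key}: {value}")
```

The differences are review candidates only: the two scans were taken a day apart, so a change can also come from ordinary activity on the machine.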

  5. #5
    TreyDeuce (Newbie)
    OK, I downloaded it and ran it like you said.

    Here is the report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:52:11 PM 29/07/2007

    + Scan result:



    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP22\A0001938.exe -> Adware.Comet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP22\A0001939.exe -> Adware.Comet : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\Documents and Settings\~MC_Blaze~\Local Settings\Temp\Temporary Internet Files\Content.IE5\PA7RP6V0\kcehc_eicooc20070702[1] -> Downloader.Tiny.id : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP106\A0034129.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP106\A0034133.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP106\A0034134.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP106\A0034135.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mrliwrep.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wxgbnwiq.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP10\A0000565.exe -> Dropper.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D784EDB3-9944-420D-9EEA-E49B72A14E87}\RP10\A0000572.exe -> Dropper.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Jenny\Cookies\jenny@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@wotifcom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@2.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@castup[1].txt -> TrackingCookie.Castup : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wakyeld5geo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wal4skc5cho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wbliegc5cep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wbmyqpc5agp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wck4whdjogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wflishdpscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wgkiukajkdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wgkyeid5cgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wgkyspdpgkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wgmychcpwhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6whlisgcjcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6whlyagdzigq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6whmiumajoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wjk4slaziap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wjkygjajklo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wjloamcpcdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wjlokhdzsko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@e-2dj6wjnyokazsko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@search.live[1].txt -> TrackingCookie.Live : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@overture[1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@www.popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@gamebundles.real[2].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@real[1].txt -> TrackingCookie.Real : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\~MC_Blaze~\Cookies\~mc_blaze~@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
    C:\Documents and Settings\Jenny\Cookies\jenny@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    and here is my new hijack this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:01:54 PM, on 29/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\~MC_Blaze~\My Documents\My ****\Setup Files\foolyou.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22407419-D383-4C8A-8545-FFE119277316} - C:\WINDOWS\system32\jkkli.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {857A461D-8D96-4996-A4A0-AEA0A2535B86} - C:\WINDOWS\system32\xxyyywx.dll (file missing)
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1179391632046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184827587687
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
    O20 - Winlogon Notify: xxyyywx - xxyyywx.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8835 bytes

  6. #6
    TreyDeuce is offline Newbie
    and I will download those other programs and run them and get back to you

  7. #7
    Neal is offline Dedicated Member
    Thanks, good job.

  8. #8
    TreyDeuce is offline Newbie
    ok here is my ComboFix log

    ComboFix 07-07-30.2 - "~MC_Blaze~" 2007-07-30 17:04:09.2 [GMT 10:00] - NTFS
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\~MC_BL~1\Desktop.\internet explorer.lnk
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\error.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\related.xml
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\travel.xml
    C:\Program Files\Starware316
    C:\Program Files\Starware316\brand.bmp
    C:\Program Files\Starware316\icons\star_16.ico
    C:\Program Files\Starware316\icons\Thumbs.db
    C:\Program Files\Starware316\Starware316Config.xml
    C:\Program Files\Starware316\Thumbs.db


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_IPRIP
    -------\Iprip


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


    2007-07-30 16:55 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-30 16:53 <DIR> d-------- C:\VundoFix Backups
    2007-07-29 20:59 <DIR> d-------- C:\UnrealTournament
    2007-07-28 12:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-27 21:23 <DIR> d-------- C:\WINDOWS\pss
    2007-07-26 21:46 35,328 --a------ C:\WINDOWS\system32\iprip.dll
    2007-07-26 21:46 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
    2007-07-25 21:48 <DIR> d-------- C:\Program Files\Team6 game studios
    2007-07-25 21:36 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2007-07-25 21:36 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2007-07-25 21:35 <DIR> d-------- C:\Program Files\D-Tools
    2007-07-24 18:05 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
    2007-07-24 18:05 <DIR> d-------- C:\ITN
    2007-07-24 16:02 34,308 --a------ C:\WINDOWS\system32\Chip.dll
    2007-07-24 15:01 <DIR> d-------- C:\Program Files\MagicDVDRipper
    2007-07-22 19:25 756,736 --------- C:\WINDOWS\system32\ir41_32.dll
    2007-07-22 19:24 <DIR> d-------- C:\Program Files\Microsoft Games
    2007-07-20 19:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    2007-07-20 19:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-07-20 19:41 <DIR> d-------- C:\Program Files\Viewpoint
    2007-07-20 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2007-07-20 19:40 335 --a------ C:\WINDOWS\nsreg.dat
    2007-07-20 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2007-07-20 15:30 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-19 19:42 <DIR> d-------- C:\WINDOWS\network diagnostic
    2007-07-19 18:08 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
    2007-07-18 23:41 <DIR> d-------- C:\Program Files\SurfAnonymous
    2007-07-18 21:24 <DIR> d-------- C:\Program Files\FLStudio4
    2007-07-18 19:15 <DIR> d-------- C:\Program Files\uTorrent
    2007-07-18 19:15 <DIR> d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\uTorrent
    2007-07-18 16:44 <DIR> d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\Syntrillium
    2007-07-18 16:42 <DIR> d-------- C:\Program Files\coolpro2
    2007-07-12 21:56 194,560 --a------ C:\WINDOWS\Rid****.scr
    2007-07-12 21:56 <DIR> d-------- C:\WINDOWS\Rid**** dir
    2007-07-12 21:55 606,848 --a------ C:\WINDOWS\flashax.exe
    2007-07-12 21:55 194,560 --a------ C:\WINDOWS\HB_Tease_SS_PC.scr
    2007-07-12 21:55 <DIR> d-------- C:\WINDOWS\HB_Tease_SS_PC dir
    2007-07-12 21:54 194,560 --a------ C:\WINDOWS\system32\Garfield Screensaver.scr
    2007-07-12 21:54 <DIR> d-------- C:\WINDOWS\system32\Garfield Screensaver dir
    2007-07-12 19:51 <DIR> d-------- C:\Program Files\P-Encryption Suite
    2007-07-12 19:37 <DIR> d-------- C:\Program Files\DarnPasswords3
    2007-07-12 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-07-10 19:39 <DIR> d-------- C:\Program Files\HHD Software
    2007-07-10 01:33 <DIR> d-------- C:\W32DSM
    2007-07-08 20:25 <DIR> d-------- C:\Program Files\Pcsx2
    2007-07-08 19:45 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-08 19:45 <DIR> d-------- C:\WINDOWS\Easy CD-DA Extractor
    2007-07-08 19:45 <DIR> d-------- C:\Program Files\Easy CD-DA Extractor 10
    2007-07-07 02:00 <DIR> d-------- C:\Program Files\DVD Shrink
    2007-07-07 02:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    2007-07-07 01:55 <DIR> d-------- C:\Downloads
    2007-07-06 22:53 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-07-06 22:52 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-07-06 18:14 619 --a------ C:\WINDOWS\eReg.dat
    2007-07-05 22:41 <DIR> d-------- C:\Program Files\FlashGet
    2007-07-04 22:29 <DIR> d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\WinRAR
    2007-07-03 17:59 <DIR> d-------- C:\Program Files\EA GAMES
    2007-07-01 20:36 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
    2007-07-01 20:36 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
    2007-07-01 20:35 90,112 --a------ C:\WINDOWS\system32\LXBKCUR.DLL
    2007-07-01 20:35 86,016 --a------ C:\WINDOWS\system32\LXBKIH.EXE
    2007-07-01 20:35 77,824 --a------ C:\WINDOWS\system32\LXBKLCNP.DLL
    2007-07-01 20:35 73,728 --a------ C:\WINDOWS\system32\lxbkpwr.dll
    2007-07-01 20:35 69,632 --a------ C:\WINDOWS\system32\LXBKCU.DLL
    2007-07-01 20:35 544,768 --a------ C:\WINDOWS\system32\LXBKLSNT.EXE
    2007-07-01 20:35 40,960 --a------ C:\WINDOWS\system32\lxbkvs.dll
    2007-07-01 20:35 40,960 --a------ C:\WINDOWS\system32\INSTMON.EXE
    2007-07-01 20:35 303,104 --a------ C:\WINDOWS\system32\LEXBCES.EXE
    2007-07-01 20:35 286,720 --a------ C:\WINDOWS\system32\LXBKPMNT.DLL
    2007-07-01 20:35 286,720 --a------ C:\WINDOWS\system32\lxbkcomm.dll
    2007-07-01 20:35 217,088 --a------ C:\WINDOWS\system32\LXBKLCNT.DLL
    2007-07-01 20:35 201,216 --a------ C:\WINDOWS\system32\LEXP2P32.DLL
    2007-07-01 20:35 196,096 --a------ C:\WINDOWS\system32\LEX2KUSB.DLL
    2007-07-01 20:35 192,512 --a------ C:\WINDOWS\system32\LEXLMPM.DLL
    2007-07-01 20:35 174,592 --a------ C:\WINDOWS\system32\LEXPPS.EXE
    2007-07-01 20:35 155,648 --a------ C:\WINDOWS\system32\LEXPING.EXE
    2007-07-01 20:35 147,456 --a------ C:\WINDOWS\system32\LEXBCE.DLL
    2007-07-01 20:35 126,976 --a------ C:\WINDOWS\system32\LXBKCFG.EXE
    2007-07-01 20:34 983,101 --a------ C:\WINDOWS\system32\LXBKGF.DLL
    2007-07-01 20:34 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-07-01 20:34 69,632 --a------ C:\WINDOWS\system32\lxbkscin.dll
    2007-07-01 20:34 57,344 --a------ C:\WINDOWS\system32\lxbkcinf.dll
    2007-07-01 20:34 49,152 --a------ C:\WINDOWS\system32\lxbkcoin.dll
    2007-07-01 20:34 454,656 --a------ C:\WINDOWS\system32\LXBKJSWR.DLL
    2007-07-01 20:34 352,256 --a------ C:\WINDOWS\system32\LXBKUTIL.DLL
    2007-07-01 20:34 299,520 --a------ C:\WINDOWS\uninst.exe
    2007-07-01 20:34 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-07-01 20:34 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
    2007-07-01 14:12 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-07-01 13:59 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2007-07-01 13:59 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2007-07-01 01:58 0 --a------ C:\WINDOWS\system32\sys_dll.dll
    2007-07-01 01:25 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2007-07-01 01:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-30 22:02 <DIR> d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\Leadertech
    2007-06-30 22:00 <DIR> d-------- C:\Program Files\NovaLogic
    2007-06-30 19:48 <DIR> d--h----- C:\WINDOWS\PIF
    2007-06-27 20:49 <DIR> d-------- C:\DOCUME~1\Jenny\APPLIC~1\Opera
    2007-06-27 18:34 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-06-27 17:44 <DIR> d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\CyberLink


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-29 23:03 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\U3
    2007-07-24 16:00 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\uTorrent
    2007-07-24 15:19 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\WinRAR
    2007-07-23 18:56 --------- d-------- C:\Program Files\LimeWire
    2007-07-18 18:43 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\LimeWire
    2007-07-18 16:44 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\Syntrillium
    2007-07-05 19:13 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-04 21:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
    2007-07-03 18:16 28400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-03 17:59 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-01 15:30 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-07-01 14:05 22732 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-30 22:02 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\Leadertech
    2007-06-27 17:44 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\CyberLink
    2007-06-15 19:01 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\Help
    2007-06-15 17:14 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-06-02 21:45 --------- d-------- C:\Program Files\Google
    2007-05-30 22:19 --------- d-------- C:\Program Files\DVD Decrypter
    2007-05-30 21:40 --------- d-------- C:\DOCUME~1\~MC_BL~1\APPLIC~1\AdobeUM
    2007-05-30 19:41 --------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2007-05-29 12:57 21120 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys
    2007-05-19 19:45 3098056 --a------ C:\Program Files\LimeWireWin.exe
    2007-05-14 21:02 0 -rahs---- C:\MSDOS.SYS
    2007-05-14 21:02 0 -rahs---- C:\IO.SYS
    2007-05-14 21:02 0 --a------ C:\CONFIG.SYS
    2007-05-14 21:02 0 --a------ C:\AUTOEXEC.BAT
    2007-05-01 01:46 745600 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-05-01 01:35 95872 --a------ C:\WINDOWS\system32\AvastSS.scr
    2004-03-11 13:27 40960 --a------ C:\Program Files\Uninstall_CDS.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22407419-D383-4C8A-8545-FFE119277316}]
    C:\WINDOWS\system32\jkkli.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 18:51]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 18:50]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "nwiz"="nwiz.exe" [2004-04-23 14:24 C:\WINDOWS\system32\nwiz.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 C:\WINDOWS\AGRSMMSG.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-05-01 01:42]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-09 18:54 C:\WINDOWS\soundman.exe]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 00:43]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-06-16 04:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]

    C:\Documents and Settings\~MC_Blaze~\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkli]
    C:\WINDOWS\system32\jkkli.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyywx]
    xxyyywx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^~MC_Blaze~^Start Menu^Programs^Startup^Blackmores Detox Coach.lnk]
    path=C:\Documents and Settings\~MC_Blaze~\Start Menu\Programs\Startup\Blackmores Detox Coach.lnk
    backup=C:\WINDOWS\pss\Blackmores Detox Coach.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    R1 Tcpip6;Microsoft IPv6 Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    R2 6to4;IPv6 Helper Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
    R2 SimpTcp;Simple TCP/IP Services;C:\WINDOWS\system32\tcpsvcs.exe
    R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
    R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
    R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\WINDOWS\system32\DRIVERS\tunmp.sys
    S3 AdfuUd;%USB\VID_10D6&PID_1160.DeviceDesc%;C:\WINDOWS\system32\Drivers\AdfuUd.sys
    S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
    S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\mtk.sys
    S3 NCHSSVAD;SoundTap Recorder;C:\WINDOWS\system32\drivers\nchssvad.sys
    S3 NTACCESS;NTACCESS;\??\E:\NTACCESS.sys
    S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\START\ShelExec.exe start.html

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee0701a-1723-11dc-a786-0011090fcebc}]
    AutoRun\command- H:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    2007-07-23 00:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-30 17:16:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-30 17:18:11 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-30 17:17

    --- E O F ---


    and here is my VundoFix log

    VundoFix V6.5.6

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 4:53:52 PM 30/07/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ilkkj.bak1
    C:\WINDOWS\system32\ilkkj.bak2
    C:\WINDOWS\system32\ilkkj.ini
    C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\ilkkj.tmp
    C:\WINDOWS\system32\jkkli.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ilkkj.bak1
    C:\WINDOWS\system32\ilkkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilkkj.bak2
    C:\WINDOWS\system32\ilkkj.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilkkj.ini
    C:\WINDOWS\system32\ilkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\ilkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilkkj.tmp
    C:\WINDOWS\system32\ilkkj.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!


    and finally my HiJackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:24:58 PM, on 30/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\~MC_Blaze~\My Documents\My ****\Setup Files\foolyou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lizzy.com.au
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22407419-D383-4C8A-8545-FFE119277316} - C:\WINDOWS\system32\jkkli.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1179391632046
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184827587687
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5143BED9-6822-45AA-972A-3B9145F09784}: NameServer = 203.194.56.150 203.194.27.57
    O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
    O20 - Winlogon Notify: xxyyywx - xxyyywx.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7743 bytes


    thanks for your help so far....
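
Added example, not part of the thread and not HijackThis's own code: a small Python triage script for a log like the one above. It lists the entries HijackThis marked "(file missing)" or "(no file)" and shows which missing files are still referenced from more than one autostart section. The sample lines are copied from the log in the post above; the function names are hypothetical and only the O-section line layout seen in this log is assumed.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22407419-D383-4C8A-8545-FFE119277316} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
O20 - Winlogon Notify: xxyyywx - xxyyywx.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O<n> - <kind>: <rest>" as the O-section lines appear in this log.
ENTRY = re.compile(r"^\s*(?P<code>O\d+)\s+-\s+(?P<kind>[^:]+):\s*(?P<rest>.*)$")
MISSING = re.compile(r"\s*\((file missing|no file)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def orphaned_entries(log_text):
    """Return the entries whose target HijackThis reported as absent."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        marker = MISSING.search(m["rest"]) if m else None
        if not marker:
            continue
        body = MISSING.sub("", m["rest"])
        clsid = CLSID.search(body)
        # "(no file)" entries carry no path at all, only a CLSID.
        target = (None if marker.group(1) == "no file"
                  else body.rsplit(" - ", 1)[-1].strip().lower())
        found.append({"section": m["code"], "kind": m["kind"].strip(),
                      "target": target, "marker": marker.group(1),
                      "clsid": clsid.group(0) if clsid else None})
    return found

def repeated_targets(entries):
    """Map each missing file name to the sections that still reference it."""
    by_file = defaultdict(set)
    for e in entries:
        if e["target"]:
            by_file[e["target"].rsplit("\\", 1)[-1]].add(e["section"])
    return {name: sorted(s) for name, s in by_file.items() if len(s) > 1}

if __name__ == "__main__":
    hits = orphaned_entries(SAMPLE_LOG)
    for e in hits:
        print(e["section"], e["kind"], e["target"] or e["clsid"], e["marker"])
    print("referenced from several sections:", repeated_targets(hits))
```
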

  9. #9
    Neal is offline Dedicated Member
    Thanks for that.

    You need to uninstall all older versions of sun java and here is how to get the new version:



    Update Java:

    * Go to Start > Control Panel double-click on the Software icon > add/remove programs.
    * Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it:
    Select it and click Remove.
    * The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6u2' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.


    Look in add/remove program and remove if present:

    Viewpoint
    viewpoint media player
    viewpoint manager


    Reboot afterwards


    These suspicious files below need to be scanned one at a time at a single file scanner, copy/paste the results back for me please....


    C:\WINDOWS\Rid****.scr
    C:\WINDOWS\HB_Tease_SS_PC.scr
    C:\WINDOWS\eReg.dat
    C:\WINDOWS\system32\emptyregdb.dat




    Go to next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    C:\WINDOWS\HB_Tease_SS_PC.scr

    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html


    Do that for each of them. Thanks.

  10. #10
    TreyDeuce is offline Newbie
    ok i uninstalled Java but 86% thru downloading the update my computer froze, it keeps freezing while i am on the internet, sometimes after 10 mins other times after 1 hour or so....i don't get it?

    but i did have viewpoint media player on my computer so i uninstalled that.

    and here are the results for those 4 files you told me to look at, both the screensavers were off a disc so i will delete em, coz i don't need em and one found a virus thing, so yea


    HB_Tease.scr
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.31.1 2007.07.31 -
    AntiVir 7.4.0.54 2007.07.30 -
    Authentium 4.93.8 2007.07.30 -
    Avast 4.7.997.0 2007.07.30 -
    AVG 7.5.0.476 2007.07.30 -
    BitDefender 7.2 2007.07.31 -
    CAT-QuickHeal 9.00 2007.07.30 -
    ClamAV 0.91 2007.07.31 -
    DrWeb 4.33 2007.07.31 -
    eSafe 7.0.15.0 2007.07.29 Suspicious Trojan/Worm
    eTrust-Vet 31.1.5019 2007.07.31 -
    Ewido 4.0 2007.07.30 -
    FileAdvisor 1 2007.07.31 -
    Fortinet 2.91.0.0 2007.07.31 -
    F-Prot 4.3.2.48 2007.07.30 -
    F-Secure 6.70.13030.0 2007.07.31 -
    Ikarus T3.1.1.8 2007.07.31 -
    Kaspersky 4.0.2.24 2007.07.31 -
    McAfee 5086 2007.07.30 -
    Microsoft 1.2704 2007.07.31 -
    NOD32v2 2429 2007.07.30 -
    Norman 5.80.02 2007.07.30 -
    Panda 9.0.0.4 2007.07.31 -
    Prevx1 V2 2007.07.31 -
    Rising 19.34.12.00 2007.07.31 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.31 -
    Symantec 10 2007.07.31 -
    TheHacker 6.1.7.159 2007.07.31 -
    VBA32 3.12.2.2 2007.07.30 -
    VirusBuster 4.3.26:9 2007.07.30 -
    Webwasher-Gateway 6.0.1 2007.07.31 -
    Additional information
    File size: 194560 bytes
    MD5: f588cefdcd3b5e8facae110b96e707da
    SHA1: 30f3470a903acff3a398500f367cb7fd6dd21fd1
    packers: ASPACK
    packers: Aspack



    Emptyreg.dat
    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.31.1 2007.07.31 -
    AntiVir 7.4.0.54 2007.07.30 -
    Authentium 4.93.8 2007.07.30 -
    Avast 4.7.997.0 2007.07.30 -
    AVG 7.5.0.476 2007.07.30 -
    BitDefender 7.2 2007.07.31 -
    CAT-QuickHeal 9.00 2007.07.30 -
    ClamAV 0.91 2007.07.31 -
    DrWeb 4.33 2007.07.31 -
    eSafe 7.0.15.0 2007.07.29 -
    eTrust-Vet 31.1.5019 2007.07.31 -
    Ewido 4.0 2007.07.30 -
    FileAdvisor 1 2007.07.31 -
    Fortinet 2.91.0.0 2007.07.31 -
    F-Prot 4.3.2.48 2007.07.30 -
    F-Secure 6.70.13030.0 2007.07.31 -
    Ikarus T3.1.1.8 2007.07.31 -
    Kaspersky 4.0.2.24 2007.07.31 -
    McAfee 5086 2007.07.30 -
    Microsoft 1.2704 2007.07.31 -
    NOD32v2 2429 2007.07.30 -
    Norman 5.80.02 2007.07.30 -
    Panda 9.0.0.4 2007.07.31 -
    Prevx1 V2 2007.07.31 -
    Rising 19.34.12.00 2007.07.31 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.31 -
    Symantec 10 2007.07.31 -
    TheHacker 6.1.7.159 2007.07.31 -
    VBA32 3.12.2.2 2007.07.30 -
    VirusBuster 4.3.26:9 2007.07.30 -
    Webwasher-Gateway 6.0.1 2007.07.31 -
    Additional information
    File size: 22732 bytes
    MD5: 393102d665bbbcb7cd9681117f4f6435
    SHA1: 1d568156985cb307201decee17a7feb6a865c1b8

    eReg.dat was clean according to Kaspersky Scanner.

    and any help with my computer freezing only while on the internet would be very helpful

    THANKS FOR YOUR HELP SO FAR~
