Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:04 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\qommnkj.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O20 - Winlogon Notify: qommnkj - C:\WINDOWS\SYSTEM32\qommnkj.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10205 bytes

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

ComboFix 08-01-31.5 - JC 2008-01-31 10:55:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1608 [GMT -5:00]
Running from: C:\Documents and Settings\JC\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dxdss.sys
C:\WINDOWS\system32\qommnkj.dll
C:\Documents and Settings\JC\ntuser.exe
C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinFP.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\WINDOWS\system32\drivers\win32.exe
C:\WINDOWS\system32\dxdss.sys
C:\WINDOWS\system32\nnnomkh.dll
C:\WINDOWS\system32\qommnkj.dll
C:\WINDOWS\system32\winrkp32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\mp32


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-31 10:53 . 2008-01-31 10:53 268 --ah----- C:\sqmdata17.sqm
2008-01-31 10:53 . 2008-01-31 10:53 244 --ah----- C:\sqmnoopt17.sqm
2008-01-30 18:51 . 2008-01-30 18:51 <DIR> d-------- C:\Program Files\Hijack This
2008-01-30 15:05 . 2008-01-30 15:05 268 --ah----- C:\sqmdata16.sqm
2008-01-30 15:05 . 2008-01-30 15:05 244 --ah----- C:\sqmnoopt16.sqm
2008-01-22 06:34 . 2008-01-22 06:34 268 --ah----- C:\sqmdata15.sqm
2008-01-22 06:34 . 2008-01-22 06:34 244 --ah----- C:\sqmnoopt15.sqm
2008-01-18 06:08 . 2008-01-18 06:08 268 --ah----- C:\sqmdata14.sqm
2008-01-18 06:08 . 2008-01-18 06:08 244 --ah----- C:\sqmnoopt14.sqm
2008-01-17 06:28 . 2008-01-17 06:28 268 --ah----- C:\sqmdata13.sqm
2008-01-17 06:28 . 2008-01-17 06:28 244 --ah----- C:\sqmnoopt13.sqm
2008-01-16 06:12 . 2008-01-16 06:12 268 --ah----- C:\sqmdata12.sqm
2008-01-16 06:12 . 2008-01-16 06:12 244 --ah----- C:\sqmnoopt12.sqm
2008-01-15 06:10 . 2008-01-15 06:10 268 --ah----- C:\sqmdata11.sqm
2008-01-15 06:10 . 2008-01-15 06:10 244 --ah----- C:\sqmnoopt11.sqm
2008-01-13 18:58 . 2008-01-13 18:58 268 --ah----- C:\sqmdata10.sqm
2008-01-13 18:58 . 2008-01-13 18:58 244 --ah----- C:\sqmnoopt10.sqm
2008-01-13 18:57 . 2008-01-13 18:57 721,920 --a------ C:\WINDOWS\system32\HFX29.tmp
2008-01-13 18:54 . 2008-01-13 18:54 268 --ah----- C:\sqmdata09.sqm
2008-01-13 18:54 . 2008-01-13 18:54 244 --ah----- C:\sqmnoopt09.sqm
2008-01-13 18:52 . 2008-01-13 18:52 5,504 --a------ C:\WINDOWS\system32\drivers\runtime.sys
2008-01-13 18:51 . 2008-01-13 18:51 81,656 --a------ C:\tshl.exe
2008-01-13 18:51 . 2008-01-13 18:51 60,996 --a------ C:\ecpw.exe
2008-01-13 18:51 . 2008-01-13 18:51 58,880 --a------ C:\ysxl.exe
2008-01-13 18:51 . 2008-01-13 18:51 30,441 --a------ C:\ienudwqs.exe
2008-01-13 18:51 . 2008-01-13 18:51 2 --a------ C:\-1941229941
2008-01-13 18:43 . 2008-01-13 18:51 <DIR> d-------- C:\Program Files\DNA
2008-01-13 18:43 . 2008-01-13 18:43 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-13 18:43 . 2008-01-13 18:43 <DIR> d-------- C:\Documents and Settings\JC\Application Data\DNA
2008-01-13 18:43 . 2008-01-13 18:55 <DIR> d-------- C:\Documents and Settings\JC\Application Data\BitTorrent
2008-01-13 18:37 . 2008-01-13 18:37 268 --ah----- C:\sqmdata08.sqm
2008-01-13 18:37 . 2008-01-13 18:37 244 --ah----- C:\sqmnoopt08.sqm
2008-01-13 18:31 . 2008-01-13 18:31 <DIR> d-------- C:\Program Files\Uniblue
2008-01-13 18:31 . 2008-01-13 18:31 <DIR> d-------- C:\Documents and Settings\JC\Application Data\Uniblue
2008-01-13 18:29 . 2008-01-13 18:29 <DIR> d-------- C:\Documents and Settings\JC\Application Data\Grisoft
2008-01-13 18:29 . 2008-01-13 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 18:29 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-10 06:30 . 2008-01-10 06:30 268 --ah----- C:\sqmdata07.sqm
2008-01-10 06:30 . 2008-01-10 06:30 244 --ah----- C:\sqmnoopt07.sqm
2008-01-09 06:29 . 2008-01-09 06:29 268 --ah----- C:\sqmdata06.sqm
2008-01-09 06:29 . 2008-01-09 06:29 244 --ah----- C:\sqmnoopt06.sqm
2008-01-08 06:23 . 2008-01-08 06:23 268 --ah----- C:\sqmdata05.sqm
2008-01-08 06:23 . 2008-01-08 06:23 244 --ah----- C:\sqmnoopt05.sqm
2008-01-07 06:19 . 2008-01-07 06:19 268 --ah----- C:\sqmdata04.sqm
2008-01-07 06:19 . 2008-01-07 06:19 244 --ah----- C:\sqmnoopt04.sqm
2008-01-06 06:00 . 2008-01-06 06:00 268 --ah----- C:\sqmdata03.sqm
2008-01-06 06:00 . 2008-01-06 06:00 244 --ah----- C:\sqmnoopt03.sqm
2008-01-04 07:56 . 2008-01-04 07:56 268 --ah----- C:\sqmdata02.sqm
2008-01-04 07:56 . 2008-01-04 07:56 244 --ah----- C:\sqmnoopt02.sqm
2008-01-03 20:02 . 2008-01-03 20:02 268 --ah----- C:\sqmdata01.sqm
2008-01-03 20:02 . 2008-01-03 20:02 244 --ah----- C:\sqmnoopt01.sqm
2008-01-03 19:45 . 2008-01-03 19:45 268 --ah----- C:\sqmdata00.sqm
2008-01-03 19:45 . 2008-01-03 19:45 244 --ah----- C:\sqmnoopt00.sqm
2008-01-03 19:43 . 2008-01-03 19:43 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-03 19:43 . 2008-01-03 19:43 12,252,879 --------- C:\AVG7QT.DAT
2008-01-03 19:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-03 19:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-03 19:40 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-03 19:33 . 2008-01-03 19:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-03 19:33 . 2008-01-03 19:34 <DIR> d-------- C:\Documents and Settings\JC\Contacts
2008-01-03 19:30 . 2008-01-03 19:33 <DIR> d-------- C:\Program Files\Windows Live
2008-01-03 19:30 . 2008-01-03 19:33 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:30 . 2008-01-03 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-03 19:16 . 2008-01-03 19:16 <DIR> d-------- C:\Program Files\CCleaner
2008-01-03 19:13 . 2008-01-03 19:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 19:13 . 2008-01-13 08:00 <DIR> d-------- C:\Documents and Settings\JC\Application Data\AVG7
2008-01-03 19:12 . 2008-01-03 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 19:09 . 2008-01-03 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 19:08 . 2008-01-03 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-03 19:05 . 2008-01-30 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 12:50 . 2008-01-03 12:50 <DIR> d-------- C:\Documents and Settings\JC\Application Data\AdwareAlert
2008-01-03 12:08 . 2008-01-03 12:08 <DIR> d-------- C:\WINDOWS\RegistryCleaner
2008-01-03 11:41 . 2008-01-03 11:41 <DIR> d-------- C:\Documents and Settings\JC\Application Data\RegistrySmart
2008-01-03 11:08 . 2008-01-03 11:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 09:45 . 2007-12-27 09:45 <DIR> d-------- C:\Program Files\GameTap
2007-12-27 09:45 . 2007-12-27 09:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-27 08:59 . 2007-12-27 08:59 <DIR> d-------- C:\Program Files\Atari
2007-12-15 15:39 . 2007-12-15 15:41 <DIR> d-------- C:\Documents and Settings\JC\Application Data\GetRightToGo
2007-12-15 15:14 . 2007-12-18 18:08 <DIR> d-------- C:\Downloads
2007-12-08 14:09 . 2007-12-08 14:09 1 --a------ C:\Documents and Settings\JC\SI.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 22:43 --------- d-----w C:\Program Files\World of Warcraft
2008-01-04 00:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 16:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-03 16:16 --------- d-----w C:\Program Files\Symantec
2008-01-03 14:53 --------- d-----w C:\Program Files\Avax Vector ActiveX R1
2007-12-27 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 13:48 --------- d-----w C:\Documents and Settings\JC\Application Data\IGN_DLM
2007-12-16 00:29 --------- d-----w C:\Documents and Settings\JC\Application Data\Bioshock
2007-12-08 19:08 --------- d-----w C:\Program Files\THQ
2007-11-30 01:01 --------- d-----w C:\Documents and Settings\JC\Application Data\AdobeUM
2007-11-16 21:13 22,328 ----a-w C:\Documents and Settings\JC\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-29 16:17 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 15:51 1885464]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05 8429568]
"nwiz"="nwiz.exe" [2007-04-20 05:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 08:25 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 01:25 363008]
"Launch Ai Booster"="C:\Program Files\ASUS\AI Booster\OverClk.exe" [2006-11-28 16:20 3714048]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05 81920]
"P17Helper"="P17.dll" [2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 15:10 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 07:59:59 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-01-26 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - JC.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-01-30 08:29:59 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 10:57:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
.
**************************************************************************
.
Completion time: 2008-01-31 10:59:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-31 15:59:09
.
2008-01-14 11:34:18 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:09 AM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9461 bytes

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

ComboFix 08-01-31.5 - JC 2008-01-31 17:21:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1593 [GMT -5:00]
Running from: C:\Documents and Settings\JC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JC\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-31 10:58 . 2008-01-31 10:58 268 --ah----- C:\sqmdata18.sqm
2008-01-31 10:58 . 2008-01-31 10:58 244 --ah----- C:\sqmnoopt18.sqm
2008-01-31 10:53 . 2008-01-31 10:53 268 --ah----- C:\sqmdata17.sqm
2008-01-31 10:53 . 2008-01-31 10:53 244 --ah----- C:\sqmnoopt17.sqm
2008-01-30 18:51 . 2008-01-30 18:51 <DIR> d-------- C:\Program Files\Hijack This
2008-01-30 15:05 . 2008-01-30 15:05 268 --ah----- C:\sqmdata16.sqm
2008-01-30 15:05 . 2008-01-30 15:05 244 --ah----- C:\sqmnoopt16.sqm
2008-01-22 06:34 . 2008-01-22 06:34 268 --ah----- C:\sqmdata15.sqm
2008-01-22 06:34 . 2008-01-22 06:34 244 --ah----- C:\sqmnoopt15.sqm
2008-01-18 06:08 . 2008-01-18 06:08 268 --ah----- C:\sqmdata14.sqm
2008-01-18 06:08 . 2008-01-18 06:08 244 --ah----- C:\sqmnoopt14.sqm
2008-01-17 06:28 . 2008-01-17 06:28 268 --ah----- C:\sqmdata13.sqm
2008-01-17 06:28 . 2008-01-17 06:28 244 --ah----- C:\sqmnoopt13.sqm
2008-01-16 06:12 . 2008-01-16 06:12 268 --ah----- C:\sqmdata12.sqm
2008-01-16 06:12 . 2008-01-16 06:12 244 --ah----- C:\sqmnoopt12.sqm
2008-01-15 06:10 . 2008-01-15 06:10 268 --ah----- C:\sqmdata11.sqm
2008-01-15 06:10 . 2008-01-15 06:10 244 --ah----- C:\sqmnoopt11.sqm
2008-01-13 18:58 . 2008-01-13 18:58 268 --ah----- C:\sqmdata10.sqm
2008-01-13 18:58 . 2008-01-13 18:58 244 --ah----- C:\sqmnoopt10.sqm
2008-01-13 18:57 . 2008-01-13 18:57 721,920 --a------ C:\WINDOWS\system32\HFX29.tmp
2008-01-13 18:54 . 2008-01-13 18:54 268 --ah----- C:\sqmdata09.sqm
2008-01-13 18:54 . 2008-01-13 18:54 244 --ah----- C:\sqmnoopt09.sqm
2008-01-13 18:52 . 2008-01-13 18:52 5,504 --a------ C:\WINDOWS\system32\drivers\runtime.sys
2008-01-13 18:51 . 2008-01-13 18:51 81,656 --a------ C:\tshl.exe
2008-01-13 18:51 . 2008-01-13 18:51 60,996 --a------ C:\ecpw.exe
2008-01-13 18:51 . 2008-01-13 18:51 58,880 --a------ C:\ysxl.exe
2008-01-13 18:51 . 2008-01-13 18:51 30,441 --a------ C:\ienudwqs.exe
2008-01-13 18:51 . 2008-01-13 18:51 2 --a------ C:\-1941229941
2008-01-13 18:43 . 2008-01-13 18:51 <DIR> d-------- C:\Program Files\DNA
2008-01-13 18:43 . 2008-01-13 18:43 <DIR> d-------- C:\Program Files\BitTorrent
2008-01-13 18:43 . 2008-01-13 18:43 <DIR> d-------- C:\Documents and Settings\JC\Application Data\DNA
2008-01-13 18:43 . 2008-01-13 18:55 <DIR> d-------- C:\Documents and Settings\JC\Application Data\BitTorrent
2008-01-13 18:37 . 2008-01-13 18:37 268 --ah----- C:\sqmdata08.sqm
2008-01-13 18:37 . 2008-01-13 18:37 244 --ah----- C:\sqmnoopt08.sqm
2008-01-13 18:31 . 2008-01-13 18:31 <DIR> d-------- C:\Program Files\Uniblue
2008-01-13 18:31 . 2008-01-13 18:31 <DIR> d-------- C:\Documents and Settings\JC\Application Data\Uniblue
2008-01-13 18:29 . 2008-01-13 18:29 <DIR> d-------- C:\Documents and Settings\JC\Application Data\Grisoft
2008-01-13 18:29 . 2008-01-13 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 18:29 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-10 06:30 . 2008-01-10 06:30 268 --ah----- C:\sqmdata07.sqm
2008-01-10 06:30 . 2008-01-10 06:30 244 --ah----- C:\sqmnoopt07.sqm
2008-01-09 06:29 . 2008-01-09 06:29 268 --ah----- C:\sqmdata06.sqm
2008-01-09 06:29 . 2008-01-09 06:29 244 --ah----- C:\sqmnoopt06.sqm
2008-01-08 06:23 . 2008-01-08 06:23 268 --ah----- C:\sqmdata05.sqm
2008-01-08 06:23 . 2008-01-08 06:23 244 --ah----- C:\sqmnoopt05.sqm
2008-01-07 06:19 . 2008-01-07 06:19 268 --ah----- C:\sqmdata04.sqm
2008-01-07 06:19 . 2008-01-07 06:19 244 --ah----- C:\sqmnoopt04.sqm
2008-01-06 06:00 . 2008-01-06 06:00 268 --ah----- C:\sqmdata03.sqm
2008-01-06 06:00 . 2008-01-06 06:00 244 --ah----- C:\sqmnoopt03.sqm
2008-01-04 07:56 . 2008-01-04 07:56 268 --ah----- C:\sqmdata02.sqm
2008-01-04 07:56 . 2008-01-04 07:56 244 --ah----- C:\sqmnoopt02.sqm
2008-01-03 20:02 . 2008-01-03 20:02 268 --ah----- C:\sqmdata01.sqm
2008-01-03 20:02 . 2008-01-03 20:02 244 --ah----- C:\sqmnoopt01.sqm
2008-01-03 19:45 . 2008-01-03 19:45 268 --ah----- C:\sqmdata00.sqm
2008-01-03 19:45 . 2008-01-03 19:45 244 --ah----- C:\sqmnoopt00.sqm
2008-01-03 19:43 . 2008-01-03 19:43 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-03 19:43 . 2008-01-03 19:43 12,252,879 --------- C:\AVG7QT.DAT
2008-01-03 19:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-03 19:40 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-03 19:40 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-03 19:33 . 2008-01-03 19:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-03 19:33 . 2008-01-03 19:34 <DIR> d-------- C:\Documents and Settings\JC\Contacts
2008-01-03 19:30 . 2008-01-03 19:33 <DIR> d-------- C:\Program Files\Windows Live
2008-01-03 19:30 . 2008-01-03 19:33 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:30 . 2008-01-03 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-03 19:16 . 2008-01-03 19:16 <DIR> d-------- C:\Program Files\CCleaner
2008-01-03 19:13 . 2008-01-03 19:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 19:13 . 2008-01-13 08:00 <DIR> d-------- C:\Documents and Settings\JC\Application Data\AVG7
2008-01-03 19:12 . 2008-01-03 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 19:09 . 2008-01-03 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 19:08 . 2008-01-03 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-03 19:05 . 2008-01-30 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 12:50 . 2008-01-03 12:50 <DIR> d-------- C:\Documents and Settings\JC\Application Data\AdwareAlert
2008-01-03 12:08 . 2008-01-03 12:08 <DIR> d-------- C:\WINDOWS\RegistryCleaner
2008-01-03 11:41 . 2008-01-03 11:41 <DIR> d-------- C:\Documents and Settings\JC\Application Data\RegistrySmart
2008-01-03 11:08 . 2008-01-03 11:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 09:45 . 2007-12-27 09:45 <DIR> d-------- C:\Program Files\GameTap
2007-12-27 09:45 . 2007-12-27 09:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-27 08:59 . 2007-12-27 08:59 <DIR> d-------- C:\Program Files\Atari
2007-12-15 15:39 . 2007-12-15 15:41 <DIR> d-------- C:\Documents and Settings\JC\Application Data\GetRightToGo
2007-12-15 15:14 . 2007-12-18 18:08 <DIR> d-------- C:\Downloads
2007-12-08 14:09 . 2007-12-08 14:09 1 --a------ C:\Documents and Settings\JC\SI.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 22:43 --------- d-----w C:\Program Files\World of Warcraft
2008-01-04 00:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 16:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-03 16:16 --------- d-----w C:\Program Files\Symantec
2008-01-03 14:53 --------- d-----w C:\Program Files\Avax Vector ActiveX R1
2007-12-27 14:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 13:48 --------- d-----w C:\Documents and Settings\JC\Application Data\IGN_DLM
2007-12-16 00:29 --------- d-----w C:\Documents and Settings\JC\Application Data\Bioshock
2007-12-08 19:08 --------- d-----w C:\Program Files\THQ
2007-11-30 01:01 --------- d-----w C:\Documents and Settings\JC\Application Data\AdobeUM
2007-11-16 21:13 22,328 ----a-w C:\Documents and Settings\JC\Application Data\PnkBstrK.sys
2007-11-16 21:12 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-16 21:12 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-02 19:40 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-01 18:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-01 18:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-29 16:17 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-20 05:05 8429568]
"nwiz"="nwiz.exe" [2007-04-20 05:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 08:25 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 01:25 363008]
"Launch Ai Booster"="C:\Program Files\ASUS\AI Booster\OverClk.exe" [2006-11-28 16:20 3714048]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-20 05:05 81920]
"P17Helper"="P17.dll" [2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 15:10 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 07:59:59 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-01-26 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - JC.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-01-30 08:29:59 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 17:21:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 17:21:38
ComboFix-quarantined-files.txt 2008-01-31 22:21:37
ComboFix2.txt 2008-01-31 15:59:11
.
2008-01-14 11:34:18 --- E O F ---

I am not sure what happened, but all the files specified for deletion are still there. Lets try it another way.

First:
We don't need ComboFix anymore, so lets remove it

From the Desktop:
Start -> Run -> Combofix /u (press Enter)

That will delete all the combofix files and folders.


Second:
1. Please download [url=1. Please download The Avenger by Swandog46 to your Desktop.

• Click on Avenger.zip to open the file
• Extract avenger.exe to your desktop

2. Copy all the text (including the words 'Files to delete:') contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Script file to execute" choose "Input Script Manually".
• Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
• Paste the text copied to clipboard into this window by pressing (Ctrl+V).
• Click Done
• Now click on the Green Light to begin execution of the script
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hdylvfsl

*******************

Script file located at: \??\C:\Documents and Settings\cvvmufcs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\sqmdata17.sqm deleted successfully.
File C:\sqmnoopt17.sqm deleted successfully.
File C:\sqmdata16.sqm deleted successfully.
File C:\sqmnoopt16.sqm deleted successfully.
File C:\sqmdata15.sqm deleted successfully.
File C:\sqmnoopt15.sqm deleted successfully.
File C:\sqmdata14.sqm deleted successfully.
File C:\sqmnoopt14.sqm deleted successfully.
File C:\sqmdata13.sqm deleted successfully.
File C:\sqmnoopt13.sqm deleted successfully.
File C:\sqmdata12.sqm deleted successfully.
File C:\sqmnoopt12.sqm deleted successfully.
File C:\sqmdata11.sqm deleted successfully.
File C:\sqmnoopt11.sqm deleted successfully.
File C:\sqmdata10.sqm deleted successfully.
File C:\sqmnoopt10.sqm deleted successfully.
File C:\WINDOWS\system32\HFX29.tmp deleted successfully.
File C:\sqmdata09.sqm deleted successfully.
File C:\sqmnoopt09.sqm deleted successfully.
File C:\WINDOWS\system32\drivers\runtime.sys deleted successfully.
File C:\tshl.exe deleted successfully.
File C:\ecpw.exe deleted successfully.
File C:\ysxl.exe deleted successfully.
File C:\ienudwqs.exe deleted successfully.
File C:\-1941229941 deleted successfully.
File C:\sqmdata08.sqm deleted successfully.
File C:\sqmnoopt08.sqm deleted successfully.
File C:\sqmdata07.sqm deleted successfully.
File C:\sqmnoopt07.sqm deleted successfully.
File C:\sqmdata06.sqm deleted successfully.
File C:\sqmnoopt06.sqm deleted successfully.
File C:\sqmdata05.sqm deleted successfully.
File C:\sqmnoopt05.sqm deleted successfully.
File C:\sqmdata04.sqm deleted successfully.
File C:\sqmnoopt04.sqm deleted successfully.
File C:\sqmdata03.sqm deleted successfully.
File C:\sqmnoopt03.sqm deleted successfully.
File C:\sqmdata02.sqm deleted successfully.
File C:\sqmnoopt02.sqm deleted successfully.
File C:\sqmdata01.sqm deleted successfully.
File C:\sqmnoopt01.sqm deleted successfully.
File C:\sqmdata00.sqm deleted successfully.
File C:\sqmnoopt00.sqm deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:50 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9517 bytes

Now, unless there are still issues not reflected in your log(s), your system is clean and we are finished. Here are some simple steps you can take to reduce the chance of infection in the future. These are only suggestions, and not meant to be comprehensive, or mandatory. Take what you want, leave the rest.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system, Internet Explorer, and any Office Programs you have installed. Be sure to select the Microsoft Update option from the Windows Update Control Panel.

2. Check your Java Runtime version. (Current=1.6, aka Version 6 Update 3)
You can check the current version of the Java Runtime Modules installed by opening the Java Control Panel and selecting 'About' from the 'General' tab.
The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6 ' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.

Note: Be sure to remove all prior versions using Add/Remove Programs before you install the new one. Remember to reboot after removal.

3. Adjust your security settings for ActiveX:
Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options -> Security tab)
Click on Select Internet Zone (this is usually the default)
Press 'default level', then OK
Now press "Custom Level."

In the ActiveX controls and plug-ins section set these options:
'Download signed ActiveX controls' - Prompt
'Download unsigned ActiveX controls' - Disable
'Initialize and script ActiveX controls not maked as safe'- Disable
All other ActiveX options accept the default

4. Download and install the following free programs
a. SpywareBlaster (ActiveX protection): http://www.javacoolsoftware.com/spywareblaster.html
b. HostsXpert (HOSTS file manager): http://www.funkytoad.com

5. Install Spyware Detection and Removal Programs:
You may also want to consider installing one (or more) of the following in addition to Windows Defender:
a.Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
b. AdAware 2007 http://www.lavasoft.de/
c. AVG AntiSpyware, Free Edition:
http://free.grisoft.com/doc/20/lng/us/tpl/v5
d. SuperAntiSpyWare, Free Edition:
http://www.snapfiles.com/get/SuperAntiSpyware.html

6. Turn on the option to Detect Phishes in your browser
Internet Explorer v7 and FireFox v2 include have excellent built-in antiphishing capabilities. Make sure you have this option turned on. If you are using Windows XP and are still using Internet Explorer 6, upgrade to Internet Explorer 7. The added security features make this upgrade mandatory for browsing today.

7. Reset System Restore
Please reset your System Restore. See Windows help for information.

8. Clean Temporary Files and Folders
Download and scan with [URL=http://www.ccleaner.com/downloadbuilds.asp]CCleaner[/URL
a. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
b. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
c. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
d. Click the "Run Cleaner" button.
e. A pop up box will appear advising this process will permanently delete files from your system.
f. Click "OK" and it will scan and clean your system.
g. Click "exit" when done.
Run the disk cleanup utility called Cleanup! that you have already downloaded and installed
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.
Then reboot into normal mode to let it clean out the remaining files.

9. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

10. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

11. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.

If you use FireFox as your primary browser, then I recommend installing the NoScirpt extension:
http://www.noscript.net



For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.

Thanks in advance for all the help. I have done everything you have recc. me to do. Still when i attempt to use IE or any file that requires Microsoft i cannot use. For example cannot use the Microsoft Update.