Full Version: pop ups galore
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
evilmuffin
Getting a lot of pop-ups from 'from internet speed monitor' and 'red orbitz'; it's way out of hand. Here's the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:25 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VnrPack\VnrPack20.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\GetPack\GetPack21.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VnrBlock\VnrBlock21.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B173FCC-7180-4AB5-8D95-59DA8D91FBB4} - C:\WINDOWS\system32\alrsv.dll
O2 - BHO: agadoo browser optimizer - {1f8e6e9c-5e7b-32bc-847d-7a6553707af9} - C:\WINDOWS\system32\xnnkiqlpgou.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: DrFlex IE Helper - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - C:\Program Files\QdrDrive\QdrDrive20.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntqtdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rmwnw64m.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\iolo\common\firewall\ifw_xfilter.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 8812 bytes
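As an added example (editor's code, not part of the thread and not from HijackThis or any other tool mentioned here), the script below applies a few of the heuristics a helper reading the O2/O4 lines above would use: a Run value named by a bare GUID, rundll32 used as a logon loader, an unnamed BHO or one whose file is missing, a Startup-folder shortcut pointing into system32, and one file registered in more than one autorun location. The sample lines are constructed to mirror entries in the log, and the heuristics are assumptions about what merits a closer look, not a verdict on any file.

```python
"""Triage helper for HijackThis O2/O4 lines (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: entries modelled on the O2/O4 lines in the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1B173FCC-7180-4AB5-8D95-59DA8D91FBB4} - C:\WINDOWS\system32\alrsv.dll
O2 - BHO: agadoo browser optimizer - {1f8e6e9c-5e7b-32bc-847d-7a6553707af9} - C:\WINDOWS\system32\xnnkiqlpgou.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntqtdl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Line shapes as HijackThis 2.x prints them (O3 toolbars are deliberately left out).
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<target>.+)$")
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys)', re.I)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def primary_target(line):
    """Lower-cased basename of the last path on the line (for rundll32 that is the DLL), or None."""
    paths = PATH_RE.findall(line)
    return paths[-1].rsplit("\\", 1)[-1].lower() if paths else None


def assess_line(line):
    """Per-line heuristics; each returned string is a reason to look closer (assumptions, not verdicts)."""
    reasons = []
    m = RUN_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if GUID_RE.match(name):
            reasons.append("Run value is named by a bare GUID")
        if "rundll32" in cmd.lower():
            reasons.append("rundll32 is used to load a DLL at logon; review that DLL")
        if "(file missing)" in cmd.lower():
            reasons.append("autorun target is missing from disk")
    m = STARTUP_RE.match(line)
    if m and "\\system32\\" in m.group("target").lower():
        reasons.append("Startup-folder shortcut points into system32")
    m = BHO_RE.match(line)
    if m:
        if m.group("name") == "(no name)":
            reasons.append("BHO has no name")
        if m.group("missing"):
            reasons.append("BHO registration points at a missing file")
    return reasons


def triage(log_text):
    """Run the per-line checks plus a cross-line check for one file in several autorun entries."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    lines = [ln for ln in lines if ln.startswith(("O2 - ", "O4 - "))]
    counts = Counter(t for t in map(primary_target, lines) if t)
    findings = []
    for line in lines:
        reasons = assess_line(line)
        target = primary_target(line)
        if target and counts[target] > 1:
            reasons.append(f"{target} is registered in {counts[target]} autorun entries")
        if reasons:
            findings.append(Finding(line=line, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```

Run it with a saved HijackThis log in place of SAMPLE_LOG and it prints only the O2/O4 entries that trip a heuristic, with the reasons; everything it prints still needs a human decision, which is exactly what the thread's helper does with the full log.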
Starbuck
Hi evilmuffin

Step 1
Please download ATF Cleaner by Atribune. (This program is for XP, Vista and Windows 2000.)
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2
Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.


Step 3
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

In your next reply, please submit:
SDFix report
MBAM scan report
and a new Hjt log.

Thanks.
evilmuffin

SDFix: Version 1.229
Run by krazyCarl on Sat 09/27/2008 at 06:12 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\GetPack\dictame.gz - Deleted
C:\Program Files\GetPack\GetPack21.exe - Deleted
C:\Program Files\GetPack\trgtame.gz - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted
C:\Program Files\QdrDrive\QdrDrive20.dll - Deleted
C:\Program Files\QdrDrive\qdrloader.exe - Deleted
C:\Program Files\VnrBlock\VnrBlock21.exe - Deleted
C:\Program Files\VnrBlock\xoffdic.gz - Deleted
C:\Program Files\VnrBlock\xtarga.gz - Deleted
C:\Program Files\VnrPack\dicts.gz - Deleted
C:\Program Files\VnrPack\trgts.gz - Deleted
C:\Program Files\VnrPack\VnrPack20.exe - Deleted
C:\Documents and Settings\krazyCarl\Start Menu\Programs\Startup\Deewoo.lnk - Deleted
C:\Documents and Settings\krazyCarl\Start Menu\Programs\Startup\DW_Start.lnk - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted



Folder C:\Program Files\GetPack - Removed
Folder C:\Program Files\iCheck - Removed
Folder C:\Program Files\QdrDrive - Removed
Folder C:\Program Files\VnrBlock - Removed
Folder C:\Program Files\VnrPack - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 18:19:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe:*:Enabled:iolo Firewallr"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe:*:Enabled:iolo AntiVirusr"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe:*:Enabled:iolo AntiVirusr Email Protection"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!




and Malwarebytes Anti-Malware...



Malwarebytes' Anti-Malware 1.28
Database version: 1203
Windows 5.1.2600 Service Pack 3

9/27/2008 7:13:59 PM
mbam-log-2008-09-27 (19-13-59).txt

Scan type: Quick Scan
Objects scanned: 48471
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 9
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b173fcc-7180-4ab5-8d95-59da8d91fbb4} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b173fcc-7180-4ab5-8d95-59da8d91fbb4} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\standkqj (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\standkqj (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\standkqj (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\standkqj (Rootkit.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack21 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{77d29295-1377-9687-127e-0956b643f90a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9398bbf1-4809-1117-c19c-3802f3ca4100} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VnrBlock20 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" /s) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\alrsv.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ncbeaojl.dat (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.



and HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:18 PM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B173FCC-7180-4AB5-8D95-59DA8D91FBB4} - C:\WINDOWS\system32\alrsv.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\iolo\common\firewall\ifw_xfilter.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 8314 bytes
Starbuck
Hi evilmuffin

That's looking a bit better now.
Let's have a better look at what's left.

Please download ComboFix

**Note: It is important that it is saved directly to your desktop**

There are full instructions on how to download and run ComboFix here:
How to use ComboFix
Please follow all the instructions to the letter...(this is very important)

Please ensure that you install the Recovery Console, if it's not already installed on your machine.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.


Note: Do not mouse-click ComboFix's window while it's running. This may cause it to stall.

When finished, it will produce a log for you. Post that log in your next reply.

In your next reply, please submit:
Combofix.txt
and a new Hjt log

Thanks.
evilmuffin
ComboFix 08-10-03.01 - krazyCarl 2008-10-03 15:27:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.428 [GMT -6:00]
Running from: C:\Documents and Settings\krazyCarl\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\krazyCarl\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-09-27 18:31 . 2008-09-27 18:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Malwarebytes
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 18:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 18:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 18:11 . 2008-09-27 18:11 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-27 18:09 . 2008-09-27 18:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-27 18:01 . 2008-09-27 18:24 <DIR> d-------- C:\SDFix
2008-09-26 12:30 . 2008-09-26 12:30 186,368 --a------ C:\Documents and Settings\All Users\mQeVS.exe
2008-09-25 19:59 . 2008-09-27 17:59 <DIR> d-------- C:\stop the spammin
2008-09-25 19:59 . 2008-09-25 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 19:58 . 2008-09-25 19:58 <DIR> d-------- C:\Spybot search and destroy
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 16:48 . 2008-09-20 16:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 15:08 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-18 15:08 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-18 15:08 . 2008-06-23 10:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-18 15:08 . 2008-06-23 10:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-18 15:08 . 2008-06-23 10:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-18 15:08 . 2008-06-23 10:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-18 15:08 . 2008-06-23 10:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-18 15:08 . 2008-06-23 03:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-18 15:07 . 2008-06-23 10:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-18 11:42 . 2008-09-18 11:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-16 20:14 . 2008-09-16 20:16 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-15 21:58 . 2008-09-15 21:58 <DIR> d-------- C:\Program Files\Vstplugins
2008-09-15 21:53 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Publish Providers
2008-09-15 21:53 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\NetMedia Providers
2008-09-15 21:50 . 2008-09-15 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-09-15 21:48 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-15 21:48 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-09-15 21:48 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-09-15 21:46 . 2008-09-15 21:46 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-15 21:35 . 2008-09-15 21:35 <DIR> d-------- C:\Program Files\Audacity
2008-09-15 21:17 . 2008-09-15 21:18 44 --a------ C:\WINDOWS\SMWizard.INI
2008-09-15 21:12 . 2008-09-28 13:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-15 21:10 . 2008-09-15 21:10 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-15 21:10 . 2008-09-15 21:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-15 21:10 . 2008-09-15 21:10 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-15 21:10 . 2008-09-15 21:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-15 21:09 . 2008-09-27 18:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Program Files\AVG
2008-09-15 21:09 . 2008-09-15 21:35 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\AVGTOOLBAR
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-15 15:14 . 2008-09-15 15:14 <DIR> d-------- C:\WINDOWS\Sun
2008-09-14 18:24 . 2008-09-14 18:24 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Lavasoft
2008-09-14 18:24 . 2008-09-21 21:36 <DIR> d-------- C:\Ad-Aware SE Plus
2008-09-13 22:13 . 2008-09-13 22:13 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-09-13 15:41 . 2008-09-13 15:41 <DIR> d-------- C:\Program Files\DivX
2008-09-13 14:13 . 2008-09-13 14:13 64,859 --a------ C:\WINDOWS\system32\xuxsonbpspovpsj.exe
2008-09-12 20:46 . 2008-09-12 20:46 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Sony Setup
2008-09-12 20:35 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Sony
2008-09-12 20:33 . 2008-09-15 21:43 <DIR> d-------- C:\Program Files\Sony
2008-09-12 20:33 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-09-12 20:33 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-09-12 20:33 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-09-12 20:33 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-09-12 20:33 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-09-12 20:33 . 2008-09-12 20:33 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-09-12 20:31 . 2008-09-15 21:41 <DIR> d-------- C:\Program Files\Sony Setup
2008-09-12 00:07 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-09-12 00:07 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-09-12 00:07 . 2004-08-03 22:41 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2008-09-12 00:07 . 2008-04-13 18:12 73,796 --------- C:\WINDOWS\system32\slserv.exe
2008-09-12 00:07 . 2008-04-13 18:12 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2008-09-12 00:07 . 2008-04-13 18:12 32,866 --------- C:\WINDOWS\slrundll.exe
2008-09-12 00:07 . 2008-04-13 18:12 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-09-12 00:07 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-09-12 00:07 . 2008-04-13 18:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-09-12 00:07 . 2008-04-13 12:36 5,888 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-09-12 00:05 . 2008-04-13 18:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-12 00:04 . 2008-04-13 18:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-09-12 00:04 . 2008-04-13 18:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-12 00:04 . 2008-04-13 18:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-12 00:04 . 2008-04-13 18:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-12 00:04 . 2008-04-13 18:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-09-12 00:04 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-09-12 00:03 . 2008-04-13 18:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-09-12 00:03 . 2008-04-13 18:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-09-12 00:03 . 2008-04-13 18:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-09-12 00:03 . 2008-04-13 18:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-09-12 00:03 . 2007-06-20 23:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-09-12 00:01 . 2008-04-13 18:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-11 03:02 . 2008-09-11 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-10 19:18 . 2008-06-13 05:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-10 19:18 . 2008-06-13 05:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-10 19:17 . 2008-05-08 08:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-10 19:17 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-09-10 19:16 . 2008-04-11 13:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-10 14:08 . 2008-09-10 14:08 <DIR> d--hs---- C:\Documents and Settings\krazyCarl\UserData
2008-09-10 00:31 . 2008-09-16 19:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-09 21:07 . 2008-09-09 21:07 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Apple Computer
2008-09-09 21:06 . 2008-09-09 21:06 <DIR> d-------- C:\Program Files\iPod
2008-09-09 21:06 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 21:06 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-09 21:05 . 2008-09-09 21:06 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 21:05 . 2008-09-09 21:05 <DIR> d-------- C:\Program Files\Bonjour
2008-09-09 21:05 . 2008-09-09 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 21:03 . 2008-09-09 21:04 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 21:03 . 2008-09-09 21:03 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-09 21:03 . 2008-09-09 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-09 21:02 . 2008-09-09 21:02 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-09 21:02 . 2008-09-09 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-09 19:03 . 2008-09-12 21:16 <DIR> d-------- C:\Program Files\Three Rings Design
2008-09-09 18:56 . 2008-09-09 18:56 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-09-09 18:54 . 2008-09-09 18:54 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-09-09 18:48 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-09 18:48 . 2008-09-09 18:48 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-09 18:46 . 2008-09-09 18:46 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-09-09 18:45 . 2008-09-09 18:45 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-09 18:43 . 2008-09-09 18:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-09 18:42 . 2008-09-09 18:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-09 18:42 . 2008-09-09 18:42 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-09 18:40 . 2008-09-09 18:40 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-09-09 18:39 . 2008-09-09 18:39 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Nero
2008-09-09 18:29 . 2008-09-09 18:29 <DIR> d-------- C:\Program Files\Nero
2008-09-09 18:29 . 2008-09-09 18:37 <DIR> d-------- C:\Program Files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 23:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-05 23:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-05 23:12 --------- d-----w C:\Program Files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"AWMON"="C:\Ad-Aware SE Plus\Ad-Watch.exe" [2008-09-14 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-15 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-15 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-15 76040]
R2 sprtlisten;SupportSoft Listener Service;C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S0 standkqj;standkqj;C:\WINDOWS\system32\drivers\ncbeaojl.dat [ ]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 17142]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINDOWS\system32\DRIVERS\wind502u.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{1B173FCC-7180-4AB5-8D95-59DA8D91FBB4} - C:\WINDOWS\system32\alrsv.dll
HKCU-Run-VnrPack20 - C:\Program Files\VnrPack\VnrPack20.exe
HKCU-Run-VnrBlock20 - C:\Program Files\VnrBlock\VnrBlock20.exe
HKCU-Run-GetPack21 - C:\Program Files\GetPack\GetPack21.exe
HKLM-Run-SMSystemAnalyzer - C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
HKLM-Run-iolo AntiVirus - C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
HKLM-Run-iolo Personal Firewall - C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
HKLM-Run-{07-78-8C-CF-DW} - C:\windows\system32\rmwnw64m.exe
HKLM-Run-{77d29295-1377-9687-127e-0956b643f90a} - C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll
HKLM-Run-{9398bbf1-4809-1117-c19c-3802f3ca4100} - C:\WINDOWS\system32\xnnkiqlpgou.dll
HKLM-Run-ExploreUpdSched - C:\WINDOWS\system32\mcntqtdl.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.myspace.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 15:33:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\fc9f618d-62c7-4819-abea-ba4d40576d87.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\standkqj]
"ImagePath"="system32\drivers\ncbeaojl.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-03 15:39:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 21:39:07

Pre-Run: 71,300,304,896 bytes free
Post-Run: 71,229,681,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

274 --- E O F --- 2008-09-22 07:06:57




and hijackthis...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:30 PM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 7044 bytes
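The ComboFix "Drivers/Services" block in the log above is where the suspicious entry stands out: `S0 standkqj;standkqj;C:\WINDOWS\system32\drivers\ncbeaojl.dat [ ]` is a boot-start driver whose image is a `.dat` file, whose display name is just the service name, and for which ComboFix could record no date or size (the `[ ]`), while the legitimate AVG drivers carry a `.sys` image and a date/size. The following Python script is an added example, not part of this thread or of ComboFix: it parses lines in that format and scores each service against those three defender-side heuristics. The sample lines are constructed, modelled on the thread's entries, and the heuristics and their wording are my own assumptions, meant as triage hints rather than verdicts.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in ComboFix's "Drivers/Services" format (modelled on the thread):
# <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]
# R = running, S = stopped; "[ ]" means ComboFix found no file behind the path.
SAMPLE_LINES = r"""
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-15 12936]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
S0 standkqj;standkqj;C:\WINDOWS\system32\drivers\ncbeaojl.dat [ ]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 17142]
"""

SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image: str
    file_info: str                      # "" when no date/size was recorded
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for lines in another format."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, info = m.groups()
    return ServiceEntry(state == "R", int(start), name, display, image, info.strip())


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach heuristic reasons (assumed indicators, not a verdict) to an entry."""
    ext = ntpath.splitext(entry.image)[1].lower()   # ntpath handles backslash paths on any OS
    if entry.file_info == "":
        entry.reasons.append("image file missing or hidden (no date/size recorded)")
    if entry.start_type <= 1 and ext != ".sys":
        entry.reasons.append(
            f"{START_TYPES[entry.start_type]}-start driver image is "
            f"'{ext or 'no extension'}' rather than .sys")
    if entry.display == entry.name:
        entry.reasons.append("display name is just the service name (no vendor description)")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Parse every service line in a log excerpt; most suspicious entries first."""
    entries = [parse_service_line(l) for l in text.splitlines() if l.strip()]
    scored = [triage(e) for e in entries if e is not None]
    return sorted(scored, key=lambda e: -len(e.reasons))   # stable: ties keep log order


def report(text: str) -> str:
    lines = []
    for e in triage_log(text):
        flag = "SUSPECT" if e.reasons else "ok     "
        lines.append(f"{flag} {e.name:<20} {e.image}")
        for r in e.reasons:
            lines.append(f"        - {r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LINES))
```

Run against the constructed sample, `standkqj` collects all three reasons and `ioloSystemService` only the missing-file one (its path simply no longer exists, as the HijackThis O23 lines also show with "file missing"), so the report separates a likely rootkit driver from a stale uninstall leftover without making the removal decision for you.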
Starbuck
Hi evilmuffin

Before we continue, could you check out a file for me please:

Step 1
Make sure that you can see hidden files.
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading select Show hidden files and folders.
  6. Uncheck the Hide protected operating system files (recommended) option.
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.


Step 2
Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\xuxsonbpspovpsj.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Thanks.
evilmuffin
MD5: 6580ee03530f2d9041b7bd0952e301dd
First received: 08.09.2008 00:59:05 (CET)
Date: 09.14.2008 11:21:37 (CET) [>21D]
Results: 1/36
Permalink: analisis/551e61f879189bc616b95dca5342a23c


Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 Cloaked Malware
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -
Additional information
File size: 64859 bytes
MD5...: 6580ee03530f2d9041b7bd0952e301dd
SHA1..: 5010b2561a9e38e19e5f95f855397e3f77363853
SHA256: 0441d482180daa775e25e1f6d7f357e567d44c6132482acc9bb6ebf078b30b07
SHA512: b2a4cf445a13537ff0fa822079429626259f616c4eee9f6973b204ed66f01f00
d56029737c107d298ebff9db3eea2092b215cc3d41498cce944dbb09f4899682
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x481c71ea (Sat May 03 14:08:42 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5934 0x5a00 6.46 663546ac41801daf2dc51f560ec05a56
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.70 f0511f18783910813a0de0de02bc1206
.ndata 0x24000 0xc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x30000 0x908 0xa00 3.84 015681cb056ddb9db817315c7407bfda

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp...6D56D00EDA29F88
Starbuck
Hi evilmuffin

Thanks for doing that.

Ok, a little bit to do this time.

Step 1
Let's reset some of your file associations:

Download Deckard's Association File Tool (DAFT) and save it to your desktop.
  • Double click on it to run.
  • Read the disclaimer and click OK.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in those boxes.
  • Click the Fix button.


Step 2
Close any open browsers.
Close/disable all antivirus, firewall and anti-malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
CODE
Rootkit::
C:\WINDOWS\system32\xuxsonbpspovpsj.exe
C:\WINDOWS\TEMP\fc9f618d-62c7-4819-abea-ba4d40576d87.tmp

File::
C:\WINDOWS\system32\drivers\ncbeaojl.dat

Driver::
standkqj
ioloFileInfoList
ioloSystemService

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\standkqj]

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.


Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

Step 3
Please do an online scan with Kaspersky WebScanner.
Notes
Java must be installed and enabled for the scan to work.
Disable your computer's antivirus program as leaving it active will cause conflicts
  • Close ALL programs and windows except for your browser
    Please go to Online Kaspersky Scan and perform an online antivirus scan.
  • Read through the Requirements and limitations statement and click on the Accept button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, the scrolling window will show 'Database is updated. Ready to scan'. Click on the Settings button at the bottom left.
  • Make sure these boxes are checked/ticked. If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan on the left. OK any warnings from your protection programs.
  • Go for a long walk. Please be patient and let the scanner finish. It is better that you do NOT use the computer while the scan is running. Keep all other programs/windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan-ddmmyy before clicking on the Save button. Save the report to a convenient place - for example the Desktop.
  • Please post this log in your next reply.
Note - enable your antivirus program before browsing away from the Kaspersky site.

Go to the Desktop and double-click on the Kaspersky report KAVScan-ddmmyy.txt, it will open in Notepad
Click Edit > Select all then Edit > Copy
Reply to this thread and paste (Ctrl+V) the report.

In your next reply, please submit:
New Combofix.txt
Kaspersky scan results
and a new Hjt log

How's the system running now?

Thanks.
evilmuffin
ComboFix 08-10-05.03 - krazyCarl 2008-10-05 17:18:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.648 [GMT -6:00]
Running from: C:\Documents and Settings\krazyCarl\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\krazyCarl\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\drivers\ncbeaojl.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\krazyCarl\Cookies\krazycarl@cubics[1].txt
C:\WINDOWS\system32\xuxsonbpspovpsj.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IOLOFILEINFOLIST
-------\Legacy_IOLOSYSTEMSERVICE
-------\Legacy_STANDKQJ
-------\Service_ioloFileInfoList
-------\Service_ioloSystemService


((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-09-27 18:31 . 2008-09-27 18:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Malwarebytes
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 18:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 18:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 18:11 . 2008-09-27 18:11 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-27 18:09 . 2008-09-27 18:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-27 18:01 . 2008-09-27 18:24 <DIR> d-------- C:\SDFix
2008-09-26 12:30 . 2008-09-26 12:30 186,368 --a------ C:\Documents and Settings\All Users\mQeVS.exe
2008-09-25 19:59 . 2008-09-27 17:59 <DIR> d-------- C:\stop the spammin
2008-09-25 19:59 . 2008-09-25 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 19:58 . 2008-09-25 19:58 <DIR> d-------- C:\Spybot search and destroy
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 16:48 . 2008-09-20 16:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 15:08 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-18 15:08 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-18 15:08 . 2008-06-23 10:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-18 15:08 . 2008-06-23 10:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-18 15:08 . 2008-06-23 10:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-18 15:08 . 2008-06-23 10:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-18 15:08 . 2008-06-23 10:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-18 15:08 . 2008-06-23 03:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-18 15:07 . 2008-06-23 10:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-18 11:42 . 2008-09-18 11:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-16 20:14 . 2008-09-16 20:16 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-15 21:58 . 2008-09-15 21:58 <DIR> d-------- C:\Program Files\Vstplugins
2008-09-15 21:53 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Publish Providers
2008-09-15 21:53 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\NetMedia Providers
2008-09-15 21:50 . 2008-09-15 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-09-15 21:48 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-15 21:48 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-09-15 21:48 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-09-15 21:46 . 2008-09-15 21:46 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-15 21:35 . 2008-09-15 21:35 <DIR> d-------- C:\Program Files\Audacity
2008-09-15 21:17 . 2008-09-15 21:18 44 --a------ C:\WINDOWS\SMWizard.INI
2008-09-15 21:12 . 2008-09-28 13:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-15 21:10 . 2008-09-15 21:10 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-15 21:10 . 2008-09-15 21:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-15 21:10 . 2008-09-15 21:10 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-15 21:10 . 2008-09-15 21:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-15 21:09 . 2008-10-05 17:01 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Program Files\AVG
2008-09-15 21:09 . 2008-09-15 21:35 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\AVGTOOLBAR
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-15 15:14 . 2008-09-15 15:14 <DIR> d-------- C:\WINDOWS\Sun
2008-09-14 18:24 . 2008-09-14 18:24 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Lavasoft
2008-09-14 18:24 . 2008-10-05 16:52 <DIR> d-------- C:\Ad-Aware SE Plus
2008-09-13 22:13 . 2008-09-13 22:13 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-09-13 15:41 . 2008-09-13 15:41 <DIR> d-------- C:\Program Files\DivX
2008-09-12 20:46 . 2008-09-12 20:46 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Sony Setup
2008-09-12 20:35 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Sony
2008-09-12 20:33 . 2008-09-15 21:43 <DIR> d-------- C:\Program Files\Sony
2008-09-12 20:33 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-09-12 20:33 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-09-12 20:33 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-09-12 20:33 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-09-12 20:33 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-09-12 20:33 . 2008-09-12 20:33 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-09-12 20:31 . 2008-09-15 21:41 <DIR> d-------- C:\Program Files\Sony Setup
2008-09-12 00:07 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-09-12 00:07 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-09-12 00:07 . 2004-08-03 22:41 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2008-09-12 00:07 . 2008-04-13 18:12 73,796 --------- C:\WINDOWS\system32\slserv.exe
2008-09-12 00:07 . 2008-04-13 18:12 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2008-09-12 00:07 . 2008-04-13 18:12 32,866 --------- C:\WINDOWS\slrundll.exe
2008-09-12 00:07 . 2008-04-13 18:12 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-09-12 00:07 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-09-12 00:07 . 2008-04-13 18:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-09-12 00:07 . 2008-04-13 12:36 5,888 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-09-12 00:05 . 2008-04-13 18:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-12 00:04 . 2008-04-13 18:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-09-12 00:04 . 2008-04-13 18:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-12 00:04 . 2008-04-13 18:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-12 00:04 . 2008-04-13 18:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-12 00:04 . 2008-04-13 18:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-09-12 00:04 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-09-12 00:03 . 2008-04-13 18:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-09-12 00:03 . 2008-04-13 18:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-09-12 00:03 . 2008-04-13 18:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-09-12 00:03 . 2008-04-13 18:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-09-12 00:03 . 2007-06-20 23:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-09-12 00:01 . 2008-04-13 18:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-11 03:02 . 2008-09-11 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-10 19:18 . 2008-06-13 05:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-10 19:18 . 2008-06-13 05:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-10 19:17 . 2008-05-08 08:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-10 19:17 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-09-10 19:16 . 2008-04-11 13:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-10 14:08 . 2008-09-10 14:08 <DIR> d--hs---- C:\Documents and Settings\krazyCarl\UserData
2008-09-10 00:31 . 2008-09-16 19:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-09 21:07 . 2008-09-09 21:07 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Apple Computer
2008-09-09 21:06 . 2008-09-09 21:06 <DIR> d-------- C:\Program Files\iPod
2008-09-09 21:06 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 21:06 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-09 21:05 . 2008-09-09 21:06 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 21:05 . 2008-09-09 21:05 <DIR> d-------- C:\Program Files\Bonjour
2008-09-09 21:05 . 2008-09-09 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 21:03 . 2008-09-09 21:04 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 21:03 . 2008-09-09 21:03 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-09 21:03 . 2008-09-09 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-09 21:02 . 2008-09-09 21:02 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-09 21:02 . 2008-09-09 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-09 19:03 . 2008-09-12 21:16 <DIR> d-------- C:\Program Files\Three Rings Design
2008-09-09 18:56 . 2008-09-09 18:56 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-09-09 18:54 . 2008-09-09 18:54 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-09-09 18:48 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-09 18:48 . 2008-09-09 18:48 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-09 18:46 . 2008-09-09 18:46 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-09-09 18:45 . 2008-09-09 18:45 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-09 18:43 . 2008-09-09 18:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-09 18:42 . 2008-09-09 18:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-09 18:42 . 2008-09-09 18:42 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-09 18:40 . 2008-09-09 18:40 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-09-09 18:39 . 2008-09-09 18:39 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Nero
2008-09-09 18:29 . 2008-09-09 18:29 <DIR> d-------- C:\Program Files\Nero
2008-09-09 18:29 . 2008-09-09 18:37 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-09 18:29 . 2008-09-09 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 23:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-05 23:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-05 23:12 --------- d-----w C:\Program Files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"VnrPack20"="C:\Program Files\VnrPack\VnrPack20.exe" [BU]
"VnrBlock20"="C:\Program Files\VnrBlock\VnrBlock20.exe" [BU]
"GetPack21"="C:\Program Files\GetPack\GetPack21.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [BU]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [BU]
"{07-78-8C-CF-DW}"="C:\windows\system32\rmwnw64m.exe" [BU]
"{77d29295-1377-9687-127e-0956b643f90a}"="C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" [BU]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [BU]
"{9398bbf1-4809-1117-c19c-3802f3ca4100}"="C:\WINDOWS\system32\xnnkiqlpgou.dll" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-15 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-15 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-15 76040]
R2 sprtlisten;SupportSoft Listener Service;C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 17142]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINDOWS\system32\DRIVERS\wind502u.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:25:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-10-05 17:30:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 23:30:44
ComboFix2.txt 2008-10-03 21:39:22

Pre-Run: 71,184,027,648 bytes free
Post-Run: 71,172,829,184 bytes free

253 --- E O F --- 2008-09-22 07:06:57



and Kaspersky scan...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, October 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 05, 2008 23:49:40
Records in database: 1293766
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 44140
Threat name: 1
Infected objects: 0
Suspicious objects: 4
Duration of the scan: 00:46:43


File name / Threat name / Threats count
C:\Documents and Settings\krazyCarl\Desktop\SDFix.exe Suspicious: Password-protected-EXE 2
C:\SDFix\apps\procs.zip Suspicious: Password-protected-EXE 1
C:\SDFix\apps\RestartIt!.zip Suspicious: Password-protected-EXE 1

The selected area was scanned.



and HijackThis...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:34 PM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Ad-Aware SE Plus\Ad-Aware.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 7495 bytes




The system is running better already, no more popups, but tracking cookies left and right... but when I scan with Ad-Aware, I still get a critical object detected that can't be removed... I've tried quarantining it and deleting it, but when I scan again, it's still there...
Starbuck
Hi evilmuffin

That's odd, some of the old infections have returned!!

Step 1
Please disable AD-AWARE AD-WATCH as it may interfere with our fix.

  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.

  • (When you are clean, you can re-enable it using the same steps but this time check both boxes.)

Step 2
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup [but before the Windows icon appears], press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.


In your next reply, please submit:
SDFix report
and a new Hjt log


Thanks.
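What Starbuck is doing by eye when he says the old infections have returned is comparing the Run-key autostarts in the new HijackThis log against the ones ComboFix listed a few hours earlier. The script below is an added example (it is not code from this thread, nor from HijackThis, ComboFix or SDFix) that does that comparison mechanically: it normalises the ComboFix "Reg Loading Points" listing and the HijackThis O4 lines into the same (hive, value name, target path) shape, reports values that exist only in the later log, and flags values whose name or file name is a generated-looking braced token instead of a product name. The two excerpts are copied from the logs evilmuffin posted above; the braced-token heuristic and the rundll32 payload extraction are this example's own assumptions, not anything the tools do.

```python
"""Diff and triage Run-key autorun entries across two logs from this thread.

Added example for this thread, not part of HijackThis, ComboFix or SDFix.
Both excerpts below are copied from the posted logs; the heuristics are
this example's own assumptions.
"""
import re

# Excerpt of the ComboFix "Reg Loading Points" section (REGEDIT4 style).
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"GetPack21"="C:\Program Files\GetPack\GetPack21.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"{07-78-8C-CF-DW}"="C:\windows\system32\rmwnw64m.exe" [BU]
"{77d29295-1377-9687-127e-0956b643f90a}"="C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" [BU]
"{9398bbf1-4809-1117-c19c-3802f3ca4100}"="C:\WINDOWS\system32\xnnkiqlpgou.dll" [BU]
"""

# Excerpt of the HijackThis log taken about three hours later (O4 lines only).
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
"""

HIVE_MAP = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
CF_KEY = re.compile(r"^\[(HKEY_[A-Z_]+)\\.*\\Run\]$", re.IGNORECASE)
CF_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')
HJT_O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# Drive-letter paths ending in a loadable extension, quoted or not.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr))"?', re.IGNORECASE)
# A {xxx-xxx-...} style token used where a product name would normally be.
BRACED_TOKEN = re.compile(r"^\{[0-9A-Za-z]+(?:-[0-9A-Za-z]+)+\}$")


def parse_combofix(text):
    """Values under HKLM/HKCU ...\\CurrentVersion\\Run, keyed by (hive, lower name)."""
    entries, hive = {}, None
    for line in text.splitlines():
        if line.startswith("["):                  # registry key header
            m = CF_KEY.match(line)
            hive = HIVE_MAP.get(m.group(1).upper()) if m else None
            continue
        m = CF_VALUE.match(line)
        if m and hive:
            name, target = m.groups()
            entries[(hive, name.lower())] = (name, target)
    return entries


def command_target(cmd):
    """(launcher, payload) for an O4 command line: for rundll32.exe the payload
    is the DLL it is told to load, otherwise both are the program itself."""
    paths = PATH_RE.findall(cmd)
    if not paths:
        return cmd, cmd
    launcher = paths[0]
    if launcher.lower().endswith("rundll32.exe") and len(paths) > 1:
        return launcher, paths[1]
    return launcher, launcher


def parse_hjt(text):
    """HijackThis O4 Run entries in the same shape as parse_combofix()."""
    entries = {}
    for line in text.splitlines():
        m = HJT_O4.match(line)
        if m:
            hive, name, cmd = m.groups()
            entries[(hive, name.lower())] = (name, command_target(cmd)[1])
    return entries


def new_since(earlier, later):
    """Run values present in the later log but absent from the earlier one."""
    return {k: v for k, v in later.items() if k not in earlier}


def flag_entries(entries):
    """(hive, name, target, reason) for values whose name or file name is a
    braced token; the diff above catches what this name check misses."""
    flagged = []
    for (hive, _), (name, target) in sorted(entries.items()):
        stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if BRACED_TOKEN.match(name):
            reasons.append("value name is a braced token, not a product name")
        if BRACED_TOKEN.match(stem):
            reasons.append("file name is a braced token")
        if reasons:
            flagged.append((hive, name, target, "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    earlier, later = parse_combofix(COMBOFIX_EXCERPT), parse_hjt(HJT_EXCERPT)
    print("new since ComboFix:", list(new_since(earlier, later).values()))
    print("flagged:", [(n, why) for _, n, _, why in flag_entries(later)])
```

Run on these two excerpts, the diff reports a single value that exists only in the later log, ExploreUpdSched pointing at mcntqtdl.exe, whose descriptive-looking name would pass a quick glance and which no name heuristic flags; the three braced-token values are flagged in both logs. The point for a reader following this thread is that a known-earlier listing is the more reliable baseline: compare against it first, then read names.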
evilmuffin
Here's an error message I get every time I start up the computer...



Here's the SDFix...



SDFix: Version 1.229
Run by Administrator on Mon 10/06/2008 at 11:47 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 23:52:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :


Finished!




and here's HijackThis......


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:43 AM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 7413 bytes



Starbuck
Hi evilmuffin

Run HijackThis again, click Scan, and put a checkmark next to each of these items.
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"

Then close all other windows, browsers etc--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Reboot your computer to complete the process.

See if this gets rid of those error messages.

Please post back a new Hjt log.

Thanks.
evilmuffin
Those error messages still popped up when I restarted the computer after HijackThis... odd thing is... when I ran HijackThis again after restarting, it's as if I never deleted them and they show right back up. Here's the HijackThis log....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:41 PM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 7461 bytes
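The pattern evilmuffin describes in this post (Run entries that come straight back after Fix Checked) is exactly what a side-by-side comparison of two HijackThis logs makes visible. The script below is an added example written for this thread; it is not part of HijackThis, SDFix or ComboFix. It parses the O4 Run entries from two logs, flags the shapes that stand out in this log (a bare GUID-style value name, Rundll32 loading a DLL from system32, and a system32 executable started with an odd bare argument), and then lists which of the entries that were "fixed" are present again in the later scan. The sample log lines are constructed from entries quoted in the thread, the heuristics are the editor's own rather than a published ruleset, and the post-fix sample assumes the iolo entry stayed gone so that the diff shows both outcomes:

```python
"""Triage HijackThis O4 (Run key) entries and diff two scans.

Added example for this thread; not part of HijackThis, SDFix or ComboFix.
Sample log lines are constructed from entries quoted in the thread.
"""
import re

# O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
# Whole value name is a brace-wrapped token, e.g. {07-78-8C-CF-DW}
GUID_NAME_RE = re.compile(r'^\{[0-9A-Za-z-]{10,}\}$')
SYSTEM32_RE = re.compile(r'\\windows\\system32\\', re.IGNORECASE)


def parse_o4(log_text):
    """Return {value_name: (hive, command)} for every O4 Run entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            entries[name] = (hive, command)
    return entries


def split_command(command):
    """Split a Run value into (executable, [args]); the exe may be quoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe, rest = command[1:end], command[end + 1:]
    else:
        exe, _, rest = command.partition(' ')
    return exe, rest.split()


def suspicious_reasons(name, command):
    """Editor's heuristics for the entry shapes seen in this thread's log."""
    reasons = []
    exe, args = split_command(command)
    is_rundll = exe.lower().endswith('rundll32.exe')
    if GUID_NAME_RE.match(name):
        reasons.append("value name is a bare GUID-style token")
    if is_rundll and any(SYSTEM32_RE.search(a) for a in args):
        reasons.append("rundll32 loading a DLL dropped in system32")
    plain_args = [a for a in args if not a.startswith(('-', '/'))]
    if SYSTEM32_RE.search(exe) and not is_rundll and plain_args:
        reasons.append("system32 executable launched with a non-switch argument")
    return reasons


def triage(log_text):
    """Map each flagged O4 value name to the list of reasons it was flagged."""
    flagged = {}
    for name, (_hive, command) in parse_o4(log_text).items():
        reasons = suspicious_reasons(name, command)
        if reasons:
            flagged[name] = reasons
    return flagged


def reappeared(fixed_names, log_after):
    """Names that were 'Fix Checked' but are present again in the later scan."""
    present = parse_o4(log_after)
    return sorted(n for n in fixed_names if n in present)


# Constructed sample: a subset of the O4 lines quoted in the thread.
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
"""

# Constructed post-fix scan: assumes the iolo entry stayed removed, the rest came back.
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
"""

# Value names that were checked and "fixed" between the two scans.
FIXED = {"iolo AntiVirus", "{07-78-8C-CF-DW}",
         "{9398bbf1-4809-1117-c19c-3802f3ca4100}", "ExploreUpdSched", "VnrPack20"}

if __name__ == "__main__":
    for name, reasons in triage(SCAN_BEFORE).items():
        print(f"flagged [{name}]: {'; '.join(reasons)}")
    print("fixed but back after reboot:", reappeared(FIXED, SCAN_AFTER))
```

Two things worth noting. An entry that reappears after a reboot is being re-created by something still running (a process, service or driver that the Run key only restarts), which is why the next step in the thread moves from HijackThis to ComboFix rather than fixing the same lines again. And the heuristics are a triage aid, not a verdict: VnrPack20 is not flagged because nothing about its path or arguments is unusual; it is only recognisable by name, which is where a helper's experience still matters.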
evilmuffin
I also get this as soon as I start up the computer, every time... it's trying to modify my registry...
Starbuck
Hi evilmuffin

Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
CODE
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VnrPack20"=-
"VnrBlock20"=-
"GetPack21"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"=-
"iolo AntiVirus"=-
"{07-78-8C-CF-DW}"=-
"{77d29295-1377-9687-127e-0956b643f90a}"=-
"iolo Personal Firewall"=-
"{9398bbf1-4809-1117-c19c-3802f3ca4100}"=-

File::
C:\windows\system32\rmwnw64m.exe
C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll
C:\WINDOWS\system32\xnnkiqlpgou.dll
C:\WINDOWS\system32\iolo.ini
C:\WINDOWS\system32\ioloBootDefrag.cfg

Folder::
C:\SDFix
C:\Program Files\VnrPack
C:\Program Files\VnrBlock
C:\Program Files\GetPack
C:\Program Files\iolo

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.


Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

In your next reply, please submit:
New Combofix.txt
and a new Hjt log

Thanks.
evilmuffin
ComboFix 08-10-07.06 - krazyCarl 2008-10-07 22:25:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.634 [GMT -6:00]
Running from: C:\Documents and Settings\krazyCarl\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\krazyCarl\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll
C:\WINDOWS\system32\iolo.ini
C:\WINDOWS\system32\ioloBootDefrag.cfg
C:\windows\system32\rmwnw64m.exe
C:\WINDOWS\system32\xnnkiqlpgou.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\iolo
C:\Program Files\iolo\Common\Lib\is-7BT6H.tmp
C:\Program Files\iolo\Common\Lib\is-9TSUS.tmp
C:\Program Files\iolo\Common\Lib\is-B8JKT.tmp
C:\Program Files\iolo\Common\Lib\is-P7JPQ.tmp
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\is-QADQR.tmp
C:\Program Files\iolo\System Mechanic Professional 7\is-A1B6K.tmp
C:\SDFix
C:\SDFix\Add_DBFix_RunOnce_key.inf
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\Cghtme.exe
C:\SDFix\apps\clb1.txt
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\DBFix.inf
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.inf
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBeep.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HaxdFix.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\Installed.txt
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\moveex.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\NewFolder.zip
C:\SDFix\apps\NewFolder\FIXLM.reg
C:\SDFix\apps\NewFolder\FixPath.exe
C:\SDFix\apps\NewFolder\FixRedir.reg
C:\SDFix\apps\NewFolder\FixSchedule.reg
C:\SDFix\apps\NewFolder\FixWebCheck.reg
C:\SDFix\apps\NewFolder\fixXP.reg
C:\SDFix\apps\NewFolder\FixXPsp2.reg
C:\SDFix\apps\NewFolder\grep.exe
C:\SDFix\apps\NewFolder\HaxdFix.reg
C:\SDFix\apps\NewFolder\HPFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\procs.zip
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\w2k\AUTOEXEC.NT
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\command.com
C:\SDFix\apps\Replace\w2k\command.PIF
C:\SDFix\apps\Replace\w2k\CONFIG.NT
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\xp\AUTOEXEC.NT
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\command.com
C:\SDFix\apps\Replace\xp\command.PIF
C:\SDFix\apps\Replace\xp\CONFIG.NT
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\RestartIt!.zip
C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\Swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\backups_old\backupreg.zip
C:\SDFix\backups_old\backups.zip
C:\SDFix\backups_old\catchme.log
C:\SDFix\backups_old\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\DBFix.bat
C:\SDFix\dummy.sys
C:\SDFix\Report.txt
C:\SDFix\Report_old_1.txt
C:\SDFix\Report2.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\VirusAlertRepair.inf
C:\SDFix\W2K_VirusAlert_Repair.inf
C:\SDFix\XP_VirusAlert_Repair.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\iolo.ini
C:\WINDOWS\system32\ioloBootDefrag.cfg

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-09-27 18:31 . 2008-09-27 18:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Malwarebytes
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 18:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 18:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 18:11 . 2008-09-27 18:11 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-27 18:09 . 2008-09-27 18:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-26 12:30 . 2008-09-26 12:30 186,368 --a------ C:\Documents and Settings\All Users\mQeVS.exe
2008-09-25 19:59 . 2008-09-27 17:59 <DIR> d-------- C:\stop the spammin
2008-09-25 19:59 . 2008-09-25 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 19:58 . 2008-09-25 19:58 <DIR> d-------- C:\Spybot search and destroy
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 16:55 . 2008-09-20 16:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 16:48 . 2008-09-20 16:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 15:08 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-18 15:08 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-18 15:08 . 2008-06-23 10:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-18 15:08 . 2008-06-23 10:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-18 15:08 . 2008-06-23 10:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-18 15:08 . 2008-06-23 10:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-18 15:08 . 2008-06-23 10:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-18 15:08 . 2008-06-23 03:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-18 15:07 . 2008-06-23 10:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-18 11:42 . 2008-09-18 11:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-16 20:14 . 2008-09-16 20:16 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-15 21:58 . 2008-09-15 21:58 <DIR> d-------- C:\Program Files\Vstplugins
2008-09-15 21:53 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Publish Providers
2008-09-15 21:53 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\NetMedia Providers
2008-09-15 21:50 . 2008-09-15 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-09-15 21:48 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-15 21:48 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-09-15 21:48 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-09-15 21:46 . 2008-09-15 21:46 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-15 21:35 . 2008-09-15 21:35 <DIR> d-------- C:\Program Files\Audacity
2008-09-15 21:17 . 2008-09-15 21:18 44 --a------ C:\WINDOWS\SMWizard.INI
2008-09-15 21:12 . 2008-09-28 13:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-15 21:10 . 2008-09-15 21:10 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-15 21:10 . 2008-09-15 21:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-15 21:10 . 2008-09-15 21:10 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-15 21:10 . 2008-09-15 21:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-15 21:09 . 2008-10-07 14:34 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Program Files\AVG
2008-09-15 21:09 . 2008-09-15 21:35 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\AVGTOOLBAR
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-15 15:14 . 2008-09-15 15:14 <DIR> d-------- C:\WINDOWS\Sun
2008-09-14 18:24 . 2008-09-14 18:24 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Lavasoft
2008-09-14 18:24 . 2008-10-05 16:52 <DIR> d-------- C:\Ad-Aware SE Plus
2008-09-13 22:13 . 2008-09-13 22:13 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-09-13 15:41 . 2008-09-13 15:41 <DIR> d-------- C:\Program Files\DivX
2008-09-12 20:46 . 2008-09-12 20:46 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Sony Setup
2008-09-12 20:35 . 2008-09-15 21:53 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Sony
2008-09-12 20:33 . 2008-09-15 21:43 <DIR> d-------- C:\Program Files\Sony
2008-09-12 20:33 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-09-12 20:33 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-09-12 20:33 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-09-12 20:33 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-09-12 20:33 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-09-12 20:33 . 2008-09-12 20:33 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-09-12 20:31 . 2008-09-15 21:41 <DIR> d-------- C:\Program Files\Sony Setup
2008-09-12 00:07 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-09-12 00:07 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-09-12 00:07 . 2004-08-03 22:41 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2008-09-12 00:07 . 2008-04-13 18:12 73,796 --------- C:\WINDOWS\system32\slserv.exe
2008-09-12 00:07 . 2008-04-13 18:12 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2008-09-12 00:07 . 2008-04-13 18:12 32,866 --------- C:\WINDOWS\slrundll.exe
2008-09-12 00:07 . 2008-04-13 18:12 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-09-12 00:07 . 2004-08-03 22:41 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-09-12 00:07 . 2008-04-13 18:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-09-12 00:07 . 2008-04-13 12:36 5,888 --------- C:\WINDOWS\system32\drivers\smbali.sys
2008-09-12 00:05 . 2008-04-13 18:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-12 00:04 . 2008-04-13 18:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-09-12 00:04 . 2008-04-13 18:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-12 00:04 . 2008-04-13 18:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-12 00:04 . 2008-04-13 18:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-12 00:04 . 2008-04-13 18:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-09-12 00:04 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-09-12 00:03 . 2008-04-13 18:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-09-12 00:03 . 2008-04-13 18:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-09-12 00:03 . 2008-04-13 18:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-09-12 00:03 . 2008-04-13 18:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-09-12 00:03 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-09-12 00:03 . 2007-06-20 23:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-09-12 00:01 . 2008-04-13 18:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-11 03:02 . 2008-09-11 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-10 19:18 . 2008-06-13 05:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-10 19:18 . 2008-06-13 05:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-10 19:17 . 2008-05-08 08:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-10 19:17 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-09-10 19:16 . 2008-04-11 13:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-10 14:08 . 2008-09-10 14:08 <DIR> d--hs---- C:\Documents and Settings\krazyCarl\UserData
2008-09-10 00:31 . 2008-09-16 19:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-09 21:07 . 2008-09-09 21:07 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Apple Computer
2008-09-09 21:06 . 2008-09-09 21:06 <DIR> d-------- C:\Program Files\iPod
2008-09-09 21:06 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 21:06 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-09 21:05 . 2008-09-09 21:06 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 21:05 . 2008-09-09 21:05 <DIR> d-------- C:\Program Files\Bonjour
2008-09-09 21:05 . 2008-09-09 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 21:03 . 2008-09-09 21:04 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 21:03 . 2008-09-09 21:03 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-09 21:03 . 2008-09-09 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-09 21:02 . 2008-09-09 21:02 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-09 21:02 . 2008-09-09 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-09 19:03 . 2008-09-12 21:16 <DIR> d-------- C:\Program Files\Three Rings Design
2008-09-09 18:48 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-09 18:48 . 2008-09-09 18:48 376 --a------ C:\WINDOWS\ODBC.INI
2008-09-09 18:46 . 2008-09-09 18:46 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-09-09 18:45 . 2008-09-09 18:45 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-09-09 18:43 . 2008-09-09 18:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-09 18:42 . 2008-09-09 18:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-09 18:42 . 2008-09-09 18:42 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-09 18:40 . 2008-09-09 18:40 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-09-09 18:39 . 2008-09-09 18:39 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Nero
2008-09-09 18:29 . 2008-09-09 18:29 <DIR> d-------- C:\Program Files\Nero
2008-09-09 18:29 . 2008-09-09 18:37 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-09 18:29 . 2008-09-09 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-09 18:25 . 2005-09-20 10:31 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-09-09 18:19 . 2006-05-26 22:35 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-09 18:14 . 2008-09-22 00:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 00:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-06 00:05 --------- d-----w C:\Program Files\PC Wizard 2008
2008-09-05 23:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-05 23:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-05 23:12 --------- d-----w C:\Program Files\Windows Plus
2008-08-29 16:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 15:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-03_15.38.31.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-28 00:10:07 2,514,944 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-07 05:45:11 471,040 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-09-28 00:10:07 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-10-07 05:45:11 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"AWMON"="C:\Ad-Aware SE Plus\Ad-Watch.exe" [2008-09-14 517632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-15 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-15 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-15 76040]
R2 sprtlisten;SupportSoft Listener Service;C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 17142]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINDOWS\system32\DRIVERS\wind502u.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 22:28:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-07 22:30:49
ComboFix-quarantined-files.txt 2008-10-08 04:30:12
ComboFix2.txt 2008-10-05 23:30:50
ComboFix3.txt 2008-10-03 21:39:22

Pre-Run: 71,089,913,856 bytes free
Post-Run: 71,122,186,240 bytes free

368 --- E O F --- 2008-09-22 07:06:57



and hijackthis....



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:12 PM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 6776 bytes
Starbuck
Hi evilmuffin

That looks better now.
Have the error messages stopped?

Let's just make sure we've got everything now.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

Note: You will need to use Internet Explorer for this scan.

In your next reply, please submit:
BitDefender scan report

Thanks.
evilmuffin
the pop ups are completely gone! :) here's bitdefender
BitDefender Online Scanner

Scan report generated at: Fri, Oct 10, 2008 - 11:09:00

Scan path: A:\;C:\;E:\;

Statistics
Time: 01:17:45
Files: 151798
Folders: 4509
Boot Sectors: 0
Archives: 2329
Packed Files: 7049

Results
Identified Viruses: 1
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 1859664
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 16
Archive plugins: 43
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\Documents and Settings\All Users\mQeVS.exe - Infected with: Trojan.FakeAV.1.Gen
C:\Documents and Settings\All Users\mQeVS.exe - Disinfection failed
C:\Documents and Settings\All Users\mQeVS.exe - Deleted
C:\System Volume Information\_restore{935FED8F-82BC-49C9-96A9-D4232446BACE}\RP10\A0005316.exe - Infected with: Trojan.FakeAV.1.Gen
C:\System Volume Information\_restore{935FED8F-82BC-49C9-96A9-D4232446BACE}\RP10\A0005316.exe - Disinfection failed
C:\System Volume Information\_restore{935FED8F-82BC-49C9-96A9-D4232446BACE}\RP10\A0005316.exe - Deleted
Starbuck
Hi evilmuffin

QUOTE
Infected Files
2
Deleted Files
2
That's all good then.
QUOTE
the pop ups are completely gone!

If you are happy with the way your system is running now, we'll finish off.

Please uninstall ComboFix by
Clicking on Start ... then Run ... and typing in combofix /u (don't forget there is a gap between x and /). Then press OK.

If shown the disclaimer, select "2".

This action will delete the following:
* ComboFix and its associated files and folders.
* VundoFix backups, if present.
* The C:\Deckard folder, if present.
* The C:\_OtMoveIt folder, if present.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Reset System Restore.

To find out how you may have been infected....read this topic:
So how did i get infected?

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software
  • Update your AntiVirus Software regularly
  • Use a Firewall
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  • Install Spybot - Search and Destroy
  • Install Ad-Aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
evilmuffin
Thank you so much! The computer is free of any bastardous viruses trying to break into my computer! Thanks again!
Starbuck
Well, that's one way of putting it.
Glad you are happy now.
evilmuffin
Hi.. sorry, these 2 errors are popping up again.

What should I do?
I tried doing the same thing with ComboFix as last time and they still popped up when I restarted the comp.
Starbuck
Hi evilmuffin

If you have downloaded a new version of ComboFix, let me have a combofix.txt from it.
If you haven't.... you can get the link from 'post #4'.
Let me have a new HJT log as well and I'll take a look for you.

evilmuffin
ComboFix 08-10-17.01 - krazyCarl 2008-10-18 1:04:02.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.665 [GMT -6:00]
Running from: C:\Documents and Settings\krazyCarl\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\krazyCarl\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll
C:\WINDOWS\system32\iolo.ini
C:\WINDOWS\system32\ioloBootDefrag.cfg
C:\windows\system32\rmwnw64m.exe
C:\WINDOWS\system32\xnnkiqlpgou.dll
.

((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2008-10-16 20:19 . 2008-10-16 20:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-16 02:19 . 2008-10-16 02:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-10-15 19:59 . 2008-05-09 04:53 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-10-15 05:05 . 2008-10-15 05:05 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-15 00:04 . 2008-09-08 04:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 00:02 . 2008-08-14 04:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 00:02 . 2008-08-14 04:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 00:02 . 2008-08-14 03:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 00:02 . 2008-08-14 03:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 00:02 . 2008-09-15 06:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-12 19:00 . 2008-10-12 19:00 <DIR> d-------- C:\Logs
2008-10-11 13:06 . 2008-10-12 19:09 <DIR> d-------- C:\Program Files\World of Warcraft
2008-10-11 13:06 . 2008-10-11 13:06 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-11 12:55 . 2008-10-11 12:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-11 12:55 . 2008-10-13 16:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 12:12 . 2008-10-11 12:12 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\MSNInstaller
2008-10-10 10:24 . 2008-04-13 18:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-10 10:23 . 2008-04-13 18:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-10-10 10:22 . 2008-04-13 18:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-10-10 10:22 . 2008-04-13 18:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-10 10:22 . 2008-04-13 18:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-10 10:22 . 2008-04-13 18:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-10 10:22 . 2008-04-13 18:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-10-10 10:22 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-10-10 10:21 . 2008-04-13 18:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-10-10 10:21 . 2008-04-13 18:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-10-10 10:21 . 2008-04-13 18:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-10-10 10:21 . 2008-04-13 18:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-10-10 10:21 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-10-10 10:21 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-10-10 10:21 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-10-10 10:21 . 2008-04-13 18:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-10-10 10:21 . 2007-06-20 23:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-10-10 10:19 . 2008-04-13 18:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-10-10 09:09 . 2008-10-10 09:09 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-08 18:29 . 2008-10-08 18:29 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-10-08 18:27 . 2008-09-25 11:00 922,464 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-10-08 18:27 . 2008-09-24 10:32 28,672 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-10-08 18:27 . 2008-09-09 16:45 8,192 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-10-08 18:20 . 2008-10-08 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-08 18:20 . 2008-10-08 18:20 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-10-08 17:29 . 2008-10-10 11:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-10-03 15:24 . 2008-10-03 15:24 4,608,744 --a------ C:\Documents and Settings\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\krazyCarl\Application Data\Malwarebytes
2008-09-27 18:31 . 2008-09-27 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-27 18:09 . 2008-09-27 18:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-25 19:59 . 2008-09-27 17:59 <DIR> d-------- C:\stop the spammin
2008-09-25 19:59 . 2008-09-25 19:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 19:58 . 2008-09-25 19:58 <DIR> d-------- C:\Spybot search and destroy
2008-09-20 17:03 . 2008-04-13 18:12 245,248 --a------ C:\WINDOWS\system32\SET1E9.tmp
2008-09-20 17:03 . 2008-04-13 18:11 147,968 --a------ C:\WINDOWS\system32\SET1E8.tmp
2008-09-20 17:02 . 2008-04-13 18:11 246,272 --a------ C:\WINDOWS\system32\SET1F4.tmp
2008-09-20 16:55 . 2008-10-15 05:11 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 16:55 . 2008-10-15 05:11 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 16:55 . 2008-10-15 05:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 16:55 . 2008-10-15 05:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 16:41 . 2008-04-13 12:53 264,832 --a------ C:\WINDOWS\system32\drivers\http.sys
2008-09-20 16:41 . 2008-04-13 12:36 79,232 --a------ C:\WINDOWS\system32\drivers\sdbus.sys
2008-09-20 16:41 . 2008-04-13 12:31 37,760 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2008-09-20 16:41 . 2008-04-13 12:31 36,352 --a------ C:\WINDOWS\system32\drivers\intelppm.sys
2008-09-20 16:41 . 2008-04-13 12:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-09-20 16:41 . 2008-04-13 12:36 15,488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2008-09-20 16:41 . 2008-04-13 12:56 12,288 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2008-09-20 16:41 . 2008-04-13 12:40 11,904 --a------ C:\WINDOWS\system32\drivers\sffdisk.sys
2008-09-20 16:41 . 2008-04-13 12:40 11,008 --a------ C:\WINDOWS\system32\drivers\sffp_sd.sys
2008-09-20 16:39 . 2004-08-10 06:00 1,251,840 --a------ C:\WINDOWS\system32\SET38F.tmp
2008-09-20 16:38 . 2004-08-10 06:00 8,384,000 --a------ C:\WINDOWS\system32\SET5CF.tmp
2008-09-20 16:37 . 2008-08-14 03:33 2,023,936 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2008-09-18 15:08 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-18 15:08 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-18 15:08 . 2008-08-26 01:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-18 15:08 . 2008-08-26 01:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-18 15:08 . 2008-08-26 01:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-18 15:08 . 2008-08-26 01:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-18 15:08 . 2008-08-26 01:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-18 15:08 . 2008-08-25 02:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-18 15:07 . 2008-10-03 11:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-18 11:42 . 2008-09-18 11:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-18 11:41 . 2008-09-18 11:41 <DIR> d-------- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 08:19 --------- d-----w C:\Program Files\Sony
2008-10-11 17:49 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\LimeWire
2008-10-09 01:47 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\iolo
2008-10-09 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-09-17 02:16 --------- d-----w C:\Program Files\VirtualDJ
2008-09-16 03:58 --------- d-----w C:\Program Files\Vstplugins
2008-09-16 03:53 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\Sony
2008-09-16 03:53 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\Publish Providers
2008-09-16 03:53 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\NetMedia Providers
2008-09-16 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-09-16 03:46 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-16 03:41 --------- d-----w C:\Program Files\Sony Setup
2008-09-16 03:35 --------- d-----w C:\Program Files\Audacity
2008-09-16 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-16 03:09 --------- d-----w C:\Program Files\AVG
2008-09-16 02:57 --------- d-----w C:\Program Files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 00:24 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\Lavasoft
2008-09-13 21:41 --------- d-----w C:\Program Files\DivX
2008-09-13 03:16 --------- d-----w C:\Program Files\Three Rings Design
2008-09-13 02:46 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\Sony Setup
2008-09-11 09:02 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-10 03:07 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\Apple Computer
2008-09-10 03:06 --------- d-----w C:\Program Files\iTunes
2008-09-10 03:06 --------- d-----w C:\Program Files\iPod
2008-09-10 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 03:05 --------- d-----w C:\Program Files\Bonjour
2008-09-10 03:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-10 03:04 --------- d-----w C:\Program Files\QuickTime
2008-09-10 03:03 --------- d-----w C:\Program Files\Apple Software Update
2008-09-10 03:02 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-10 01:02 --------- d-----w C:\Program Files\Java
2008-09-10 00:52 --------- d-----w C:\Program Files\Google
2008-09-10 00:46 --------- d-----w C:\Program Files\Common Files\L&H
2008-09-10 00:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-10 00:43 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 00:42 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-10 00:40 --------- d-----w C:\Program Files\NeroInstall.bak
2008-09-10 00:39 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\Nero
2008-09-10 00:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-10 00:29 --------- d-----w C:\Program Files\Nero
2008-09-10 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-10 00:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-10 00:12 --------- d-----w C:\Program Files\Analog Devices
2008-09-10 00:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-09-10 00:07 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-09-10 00:06 --------- d-----w C:\Program Files\HP
2008-09-10 00:04 --------- d-----w C:\Program Files\Common Files\Java
2008-09-09 23:45 --------- d-----w C:\Program Files\Broadcom
2008-09-09 22:47 --------- d-----w C:\Program Files\Qwest
2008-09-09 22:46 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-09-09 22:46 --------- d-----w C:\Program Files\Actiontec
2008-09-09 22:46 --------- d-----w C:\Program Files\2Wire
2008-09-09 22:46 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\InstallShield
2008-09-09 22:36 --------- d-----w C:\Documents and Settings\krazyCarl\Application Data\TMP
2008-09-09 21:28 --------- d-----w C:\Program Files\Intel
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 00:05 --------- d-----w C:\Program Files\PC Wizard 2008
2008-09-05 23:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-05 23:28 502,272 ----a-w C:\WINDOWS\system32\SET659.tmp
2008-09-05 23:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-05 23:12 --------- d-----w C:\Program Files\Windows Plus
2008-08-29 16:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 15:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:WOW

R2 sprtlisten;SupportSoft Listener Service;C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 17142]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINDOWS\system32\DRIVERS\wind502u.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89aa4162-7b66-11dd-a07d-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe /run
\Shell\Shell00\Command - D:\Autorun.exe /run
\Shell\Shell01\Command - D:\Autorun.exe /action
\Shell\Shell02\Command - D:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2008-10-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 01:06:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-18 1:08:17
ComboFix-quarantined-files.txt 2008-10-18 07:07:58
ComboFix2.txt 2008-10-17 01:20:51
ComboFix3.txt 2008-10-17 01:03:08
ComboFix4.txt 2008-10-17 00:58:15
ComboFix5.txt 2008-10-18 07:03:09

Pre-Run: 58,634,784,768 bytes free
Post-Run: 58,622,111,744 bytes free

247 --- E O F --- 2008-10-16 09:00:46



and HijackThis... again... :/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:21 AM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 7378 bytes
Starbuck
Hi evilmuffin

Don't use a previous CFScript.
They are designed to be used only once.

Let's see if this will remove those errors:

Run HijackThis again, click Scan, and put a checkmark next to each of these items.
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"

Then close all other windows, browsers, etc.--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Reboot your computer to complete the process.

Please post back a new Hjt log when finished.

Thanks.
evilmuffin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:41 PM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 7122 bytes


sorry about using the old CFScript... it was the same problem so I figured it would get rid of it or kill the computer... neither happened lol
teacup61
Hello,

I'll be finishing for Starbuck, as he's unavailable.

Sometimes it's best to go to those files and delete them manually, so navigate to System32 and delete them, then restart your computer. If they didn't go in normal mode, then try it in safe mode. Sometimes your protection programs prevent deletions like that in normal mode.

Let me know how you come out.

Thanks,
tea
evilmuffin
I went to the System32 folder and neither of those is there... I don't know who keeps going to nasty websites, but it was pretty much fixed, and then I scanned it last night and there were 127 critical objects removed... I also did that in safe mode... so then I scanned it again right afterwards and there are still 3 critical objects stuck... please help, this is ridiculous
teacup61
Hi,

What's really ridiculous is the scanner. Not your fault at all. I bet it's cookies.....and they say spyware by them? Those are usually the "critical objects". You want to post a new HijackThis log and I'll have a look? :)

Thanks,
tea
evilmuffin
here it is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:34 AM, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\rmwnw64m.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msupdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\mkrnl.exe
C:\WINDOWS\system32\mcntqtdl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [msupdate.exe] C:\WINDOWS\system32\msupdate.exe -check
O4 - HKUS\.DEFAULT\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntqtdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rmwnw64m.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: egcqpn.dll sgmgjf.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 8374 bytes

kill the virus!!!

I also get this about 2-3 times a second

and the error messages that I get every time I start up the computer are still there >.<
teacup61
Hello,

I can't say what happened before I took the thread over, but you've gotten infected again. :(

Please delete your old version of ComboFix if you haven't already.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
evilmuffin
here you are :) it's already running better lol but the error messages are there... I don't know how they keep coming back..

ComboFix 08-11-09.04 - krazyCarl 2008-11-10 13:46:23.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.737 [GMT -7:00]
* Created a new restore point
.
ADS - svchost.exe: deleted 25088 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\krazyCarl\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\LocalService\Application Data\1076308579.exe
c:\documents and settings\LocalService\Application Data\1132935139.exe
c:\documents and settings\LocalService\Application Data\1178682057.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\sysin.scr
c:\windows\system32\adult.txt
c:\windows\system32\CbEvtSvc.exe
c:\windows\system32\drivers\ati4xbxx.sys
c:\windows\system32\finance.txt
c:\windows\system32\kaxs.dat
c:\windows\system32\lt.res
c:\windows\system32\mdjisqyb.dll
c:\windows\system32\MSINET.oca
c:\windows\system32\msupdate.exe
c:\windows\system32\olaksqkq.dll
c:\windows\system32\other.txt
c:\windows\system32\pharma.txt
c:\windows\system32\psyche.exe
c:\windows\system32\PsycheEnqueue.exe
c:\windows\system32\rmoxkarw.dll
c:\windows\system32\sft.res
c:\windows\system32\sn.txt
c:\windows\system32\sxmg4.dll
c:\windows\system32\T2
c:\windows\system32\veipbl.dll
c:\windows\system32\veipbl32.dll
c:\windows\Tasks\lojexbph.job
c:\windows\temp\1323838200.exe
c:\windows\temp\168423964.exe
c:\windows\temp\1693405712.exe
c:\windows\temp\2010800418.exe
c:\windows\temp\244357840.exe
c:\windows\temp\2858243196.exe
c:\windows\temp\367606408.exe
c:\windows\temp\380418908.exe
c:\windows\temp\3814375982.exe
c:\windows\temp\948663808.exe

----- BITS: Possible infected sites -----

hxxp://kakoitodomen.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Psyche
-------\Legacy_Psyche
-------\Service_PsycheEnqueue
-------\Legacy_PsycheEnqueue
-------\Legacy_ati4xbxx
-------\Legacy_CBEVTSVC
-------\Legacy_FCI
-------\Legacy_ICF
-------\Service_ati4xbxx
-------\Service_CbEvtSvc
-------\Service_FCI
-------\Service_ICF
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-09 23:46 . 2008-11-09 23:46 16,451 --a------ c:\windows\gmail.com-error.html
2008-11-09 23:46 . 2008-11-09 23:46 6,182 --a------ c:\windows\live.com-error.html
2008-11-09 23:46 . 2008-11-09 23:46 5,596 --a------ c:\windows\aol.com-error.html
2008-11-09 23:46 . 2008-11-09 23:46 3,696 --a------ c:\windows\google.com-error.html
2008-11-09 23:46 . 2008-11-09 23:46 1,997 --a------ c:\windows\search.yahoo.com-error.html
2008-11-07 01:28 . 2008-11-07 01:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-07 01:28 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 01:28 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 21:23 . 2008-11-05 21:13 578,560 --a------ c:\windows\system32\wiyiyvdi
2008-11-05 21:23 . 2008-11-05 21:23 225,290 --a------ c:\windows\system32\em0.exe
2008-11-05 21:18 . 2008-11-05 21:18 <DIR> d-------- c:\documents and settings\krazyCarl\Application Data\IUpd721
2008-11-05 21:18 . 2008-11-10 13:39 58 --a------ c:\windows\system32\winwp.bmp
2008-11-05 21:14 . 2008-11-05 21:13 578,560 --a------ c:\windows\system32\zfts
2008-11-05 21:14 . 2008-11-05 21:14 50,688 --a------ c:\windows\system32\rbsgem.dll
2008-11-05 21:14 . 2008-11-05 21:23 41,984 --a------ C:\mseokh.exe
2008-11-05 21:13 . 2008-11-05 21:13 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-05 21:13 . 2008-11-05 21:13 144,896 --a------ c:\windows\system32\mkrnl.exe
2008-11-05 21:13 . 2008-11-05 21:25 63,488 --a------ c:\windows\system32\rgv.xl
2008-11-05 21:13 . 2008-11-05 21:25 32,768 --a------ c:\windows\system32\fes.ra
2008-11-05 21:13 . 2008-11-05 21:25 32,768 --a------ c:\windows\system32\fe.sp
2008-11-05 21:13 . 2008-11-05 21:25 28,672 --a------ c:\windows\system32\def.help
2008-11-05 21:13 . 2008-11-05 21:25 28,672 --a------ c:\windows\system32\ceg.sdr
2008-11-05 21:13 . 2008-11-06 23:57 24,576 --a------ c:\windows\Mxesobogebu.dll
2008-11-05 21:13 . 2008-11-05 21:23 2 --a------ C:\-1736410929
2008-11-05 21:12 . 2008-11-05 21:12 <DIR> d-------- c:\windows\system32\uvb
2008-11-05 21:12 . 2008-11-05 21:12 <DIR> d-------- c:\windows\system32\QI19
2008-11-05 21:12 . 2008-11-05 21:12 <DIR> d-------- c:\windows\system32\NPX
2008-11-05 21:12 . 2008-11-05 23:58 <DIR> d-------- c:\windows\system32\im
2008-11-05 21:12 . 2008-11-06 00:01 <DIR> d--hs---- c:\windows\eW91a25vdw
2008-11-05 21:12 . 2008-11-05 21:12 <DIR> d-------- c:\temp\NT32
2008-11-05 21:12 . 2008-11-10 13:46 <DIR> d-------- C:\Temp
2008-11-05 21:12 . 2008-11-05 21:12 41,984 --a------ C:\depwvtw.exe
2008-10-23 13:03 . 2008-10-15 09:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 18:39 . 2008-10-21 18:39 <DIR> d-------- c:\program files\NOS
2008-10-21 18:39 . 2008-10-21 18:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-10-21 18:14 . 2008-10-21 18:14 <DIR> d-------- c:\documents and settings\krazyCarl\Application Data\AdobeUM
2008-10-16 19:19 . 2008-10-16 19:19 0 --a------ c:\windows\nsreg.dat
2008-10-16 01:19 . 2008-10-16 01:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
2008-10-15 18:59 . 2008-05-09 03:53 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll
2008-10-15 04:05 . 2008-10-15 04:05 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-14 23:04 . 2008-09-08 03:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 23:02 . 2008-08-14 03:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 23:02 . 2008-08-14 03:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 23:02 . 2008-08-14 02:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 23:02 . 2008-08-14 02:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 23:02 . 2008-09-15 05:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-12 18:00 . 2008-10-12 18:00 <DIR> d-------- C:\Logs
2008-10-11 12:06 . 2008-10-12 18:09 <DIR> d-------- c:\program files\World of Warcraft
2008-10-11 12:06 . 2008-10-11 12:06 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-10-11 11:55 . 2008-10-11 11:57 <DIR> d-------- c:\program files\SpywareBlaster
2008-10-11 11:55 . 2008-11-07 00:04 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-11 11:12 . 2008-10-11 11:12 <DIR> d-------- c:\documents and settings\krazyCarl\Application Data\MSNInstaller
2008-10-10 09:24 . 2008-04-13 17:12 412,160 --------- c:\windows\system32\photometadatahandler.dll
2008-10-10 09:23 . 2008-04-13 17:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2008-10-10 09:22 . 2008-04-13 17:11 397,312 --------- c:\windows\system32\mmcex.dll
2008-10-10 09:22 . 2008-04-13 17:11 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll
2008-10-10 09:22 . 2008-04-13 17:11 106,496 --------- c:\windows\system32\mmcfxcommon.dll
2008-10-10 09:22 . 2008-04-13 17:11 86,016 --------- c:\windows\system32\mdmxsdk.dll
2008-10-10 09:22 . 2008-04-13 17:12 33,792 --------- c:\windows\system32\mmcperf.exe
2008-10-10 09:22 . 2004-08-03 21:41 11,868 --------- c:\windows\system32\drivers\mdmxsdk.sys
2008-10-10 09:21 . 2008-04-13 17:11 61,440 --------- c:\windows\system32\kmsvc.dll
2008-10-10 09:21 . 2008-04-13 17:11 37,376 --------- c:\windows\system32\l2gpstore.dll
2008-10-10 09:21 . 2008-04-13 17:12 10,752 --------- c:\windows\system32\smtpapi.dll
2008-10-10 09:21 . 2008-04-13 17:12 9,728 --------- c:\windows\system32\rwnh.dll
2008-10-10 09:21 . 2008-04-13 17:09 6,144 --------- c:\windows\system32\kbdpash.dll
2008-10-10 09:21 . 2008-04-13 17:09 6,144 --------- c:\windows\system32\kbdnepr.dll
2008-10-10 09:21 . 2008-04-13 17:09 6,144 --------- c:\windows\system32\kbdiultn.dll
2008-10-10 09:21 . 2008-04-13 17:09 6,144 --------- c:\windows\system32\kbdbhc.dll
2008-10-10 09:21 . 2007-06-20 22:52 974 --------- c:\windows\system32\pid.inf
2008-10-10 09:19 . 2008-04-13 17:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-10-10 08:09 . 2008-10-10 08:09 2,422 --a------ c:\windows\system32\wpa.bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 07:18 --------- d-----w c:\documents and settings\krazyCarl\Application Data\LimeWire
2008-10-16 08:19 --------- d-----w c:\program files\Sony
2008-10-09 01:47 --------- d-----w c:\documents and settings\krazyCarl\Application Data\iolo
2008-10-09 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-10-09 00:29 --------- d-----w c:\program files\Common Files\Authentium
2008-10-09 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-09-28 00:31 --------- d-----w c:\documents and settings\krazyCarl\Application Data\Malwarebytes
2008-09-28 00:31 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-26 01:59 --------- d-----w c:\program files\Trend Micro
2008-09-18 17:42 --------- d-----w c:\documents and settings\Administrator\Application Data\Lavasoft
2008-09-17 02:16 --------- d-----w c:\program files\VirtualDJ
2008-09-16 03:58 --------- d-----w c:\program files\Vstplugins
2008-09-16 03:53 --------- d-----w c:\documents and settings\krazyCarl\Application Data\Sony
2008-09-16 03:53 --------- d-----w c:\documents and settings\krazyCarl\Application Data\Publish Providers
2008-09-16 03:53 --------- d-----w c:\documents and settings\krazyCarl\Application Data\NetMedia Providers
2008-09-16 03:50 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-09-16 03:46 --------- d-----w c:\program files\Microsoft SQL Server
2008-09-16 03:41 --------- d-----w c:\program files\Sony Setup
2008-09-16 03:35 --------- d-----w c:\program files\Audacity
2008-09-16 03:10 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-16 03:09 --------- d-----w c:\program files\AVG
2008-09-16 02:57 --------- d-----w c:\program files\LimeWire
2008-09-15 00:24 --------- d-----w c:\documents and settings\krazyCarl\Application Data\Lavasoft
2008-09-13 21:41 --------- d-----w c:\program files\DivX
2008-09-13 03:16 --------- d-----w c:\program files\Three Rings Design
2008-09-13 02:46 --------- d-----w c:\documents and settings\krazyCarl\Application Data\Sony Setup
2008-09-11 09:02 --------- d-----w c:\program files\MSXML 4.0
2008-09-10 03:07 --------- d-----w c:\documents and settings\krazyCarl\Application Data\Apple Computer
2008-09-10 03:06 --------- d-----w c:\program files\iTunes
2008-09-10 03:06 --------- d-----w c:\program files\iPod
2008-09-10 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 03:05 --------- d-----w c:\program files\Bonjour
2008-09-10 03:05 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-10 03:04 --------- d-----w c:\program files\QuickTime
2008-09-10 03:03 --------- d-----w c:\program files\Apple Software Update
2008-09-10 03:02 --------- d-----w c:\program files\Common Files\Apple
2008-09-10 03:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-09-10 01:02 --------- d-----w c:\program files\Java
2008-09-10 00:52 --------- d-----w c:\program files\Google
2008-09-10 00:46 --------- d-----w c:\program files\Common Files\L&H
2008-09-10 00:45 --------- d-----w c:\program files\Microsoft ActiveSync
2008-09-10 00:43 --------- d-----w c:\program files\Microsoft Works
2008-09-10 00:42 --------- d-----w c:\program files\Microsoft.NET
2008-09-10 00:40 --------- d-----w c:\program files\NeroInstall.bak
2008-09-10 00:39 --------- d-----w c:\documents and settings\krazyCarl\Application Data\Nero
2008-09-10 00:37 --------- d-----w c:\program files\Common Files\Nero
2008-09-10 00:29 --------- d-----w c:\program files\Nero
2008-09-10 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-10 00:19 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-10 00:12 --------- d-----w c:\program files\Analog Devices
2008-09-10 00:09 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2008-09-10 00:06 --------- d-----w c:\program files\HP
2008-09-10 00:04 --------- d-----w c:\program files\Common Files\Java
2005-07-29 23:24 472 --sha-r c:\windows\eW91a25vdw\yq6YuZcSxT.vbs
.
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 578560 bytes )
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((( snapshot@2008-10-16_18.57.40.77 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
- 2000-08-31 14:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 14:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2008-10-15 19:11:16 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-10 20:45:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-06 04:23:30 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-10-15 19:11:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-10 20:45:26 360,448 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-10 20:23:50 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110320081110\index.dat
+ 2008-11-10 20:45:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111020081111\index.dat
+ 2008-11-06 04:22:51 78,924 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
+ 2008-11-10 20:45:26 14,336 -c--a-w c:\windows\system32\dllcache\svchost.exe
- 2008-04-14 00:12:01 337,408 ------w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-09-21 17:08:14 200,704 ----a-w c:\windows\system32\NPX\ZID556DL.exe
- 2008-10-15 19:15:03 70,028 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-05 05:48:12 70,028 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-15 19:15:03 418,894 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-05 05:48:12 418,894 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-29 18:43:40 32,768 ----a-w c:\windows\system32\QI19\QI191065.exe
+ 2008-11-07 07:07:56 95,040 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-07 06:57:05 14,336 ----a-w c:\windows\system32\svchost(2).exe
- 2008-04-14 00:12:36 14,336 ------w c:\windows\system32\svchost.exe
+ 2008-11-10 20:45:26 14,336 ----a-w c:\windows\system32\svchost.exe
- 2008-04-14 00:12:08 578,560 ------w c:\windows\system32\user32.dll
+ 2008-11-06 04:13:03 578,560 ----a-w c:\windows\system32\user32.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AWMON"="c:\ad-aware se plus\Ad-Watch.exe" [2008-09-14 517632]
"VnrPack20"="c:\program files\VnrPack\VnrPack20.exe" [BU]
"VnrBlock20"="c:\program files\VnrBlock\VnrBlock20.exe" [BU]
"GetPack21"="c:\program files\GetPack\GetPack21.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [BU]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [BU]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [BU]
"{07-78-8C-CF-DW}"="c:\windows\system32\rmwnw64m.exe" [BU]
"{77d29295-1377-9687-127e-0956b643f90a}"="c:\windows\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" [BU]
"{9398bbf1-4809-1117-c19c-3802f3ca4100}"="c:\windows\system32\xnnkiqlpgou.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:WOW

R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S1 319d4ef4;319d4ef4;c:\windows\system32\drivers\319d4ef4.sys [ ]
S1 atinpdxxx;atinpdxxx;c:\windows\system32\drivers\atinpdxxx.sys [ ]
S1 e5ea9fc9;e5ea9fc9;c:\windows\system32\drivers\e5ea9fc9.sys [ ]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [ ]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [ ]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;c:\windows\system32\CBTNDIS5.SYS [2003-07-16 17142]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\windows\system32\DRIVERS\wind502u.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89aa4162-7b66-11dd-a07d-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe /run
\Shell\Shell00\Command - D:\Autorun.exe /run
\Shell\Shell01\Command - D:\Autorun.exe /action
\Shell\Shell02\Command - D:\Autorun.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
rundll32 sxmg4.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3711eeb0-1851-42c2-9abd-c29470a5035c} - c:\windows\system32\iifdcDsP.dll
BHO-{cdea6cfc-0c04-4c67-99ae-d94d858fac7f} - c:\windows\system32\ljJATNhG.dll
HKLM-Run-ExploreUpdSched - c:\windows\system32\mcntqtdl.exe
ShellExecuteHooks-{3711EEB0-1851-42C2-9ABD-C29470A5035C} - c:\windows\system32\iifdcDsP.dll
Notify-c00da33c - c00DA33C.mat
Notify-iifdcdsp - iifdcDsP.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\krazyCarl\Application Data\Mozilla\Firefox\Profiles\uobwslnt.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 13:51:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\svchost(2).exe:ext.exe 25088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-10 13:57:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 20:57:16
ComboFix2.txt 2008-10-18 07:08:18
ComboFix3.txt 2008-10-17 01:20:51
ComboFix4.txt 2008-10-17 01:03:08
ComboFix5.txt 2008-11-10 20:39:46

Pre-Run: 59,070,885,888 bytes free
Post-Run: 59,163,492,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

377 --- E O F --- 2008-10-24 09:00:48
teacup61
Hello there,

Could I please see a new HijackThis log also? We're going to try doing one big fix in the next post, so be ready.

tea
evilmuffin
I scanned it with Spybot Search and Destroy yesterday after I posted that, and there aren't any more registry detections being made; all that's left is the error messages when starting up. I couldn't dl it before because the computer was barely connecting to the internet >:( so every time I went to go get it, it would dl about 30 percent of the way lol... it was hard enough getting ComboFix. Anyways, I haven't restarted the computer just yet, but here's HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:57 PM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [{77d29295-1377-9687-127e-0956b643f90a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" DllStart
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [{07-78-8C-CF-DW}] C:\windows\system32\rmwnw64m.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 7455 bytes
teacup61
Hello,

They got you good between then and now. I have to tell you that your system is compromised. Several of the entries in the ComboFix log can be found here: http://www.trendmicro.com/vinfo/virusencyc...TKU&VSect=T
If you don't reformat and reinstall, which is your safest and surest course, then it is extremely important to change your passwords and such after it's clean. Your passwords are all known. Don't do it now, or they'll just get stolen again. Keep an eye on any sensitive accounts you might have for nefarious activity.

Please let me know what you want to do.

Thanks,
tea
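The ComboFix and HijackThis output above carries the indicators tea is pointing at: Run values named by bare GUIDs, a GUID-named DLL under system32, rundll32 autoruns, an Active Setup component that loads an unqualified DLL name, and Security Center values set to 1 that silence the antivirus and update warnings. The script below is an added example written for this page; it is not part of the thread, nor of ComboFix or HijackThis. It parses the two log formats as they appear above and flags those patterns. The regular expressions are assumptions about the log layout, the reading of ComboFix's `[BU]` marker as "no date/size recorded for the target" is an assumption, and the sample input is constructed from lines copied out of the logs posted in this thread.

```python
"""Triage autorun entries from ComboFix 'Reg Loading Points' and HijackThis O4 output."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix and HijackThis logs posted in this
# thread, trimmed to the entries the rules below care about.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"VnrPack20"="c:\program files\VnrPack\VnrPack20.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"{07-78-8C-CF-DW}"="c:\windows\system32\rmwnw64m.exe" [BU]
"{77d29295-1377-9687-127e-0956b643f90a}"="c:\windows\system32\{05fef975-5cf1-2df2-d70f-7dd437e6d660}.dll" [BU]
"{9398bbf1-4809-1117-c19c-3802f3ca4100}"="c:\windows\system32\xnnkiqlpgou.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
rundll32 sxmg4.dll,InitModule

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [{9398bbf1-4809-1117-c19c-3802f3ca4100}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\xnnkiqlpgou.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntqtdl.exe DWrvg
'''

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
BRACED_RE = re.compile(r"^\{.*\}$")
# ComboFix Run value:  "Name"="command" [yyyy-mm-dd size]   or   [BU]   (assumed layout)
CF_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# HijackThis O4 line:  O4 - HKLM\..\Run: [Name] command   (assumed layout)
HJT_O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Security Center values that silence the "no antivirus / no updates" balloon warnings
SECCENTER_RE = re.compile(r'^"(?P<key>\w+(?:DisableNotify|Override))"=dword:0*1$')
# rundll32 <dll>,<export>   or   rundll32 "<dll>" <export>
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+))[\s,]+(?P<export>\w+)', re.I)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def _check_autorun(name: str, cmd: str, meta: str, line: str) -> list:
    """Apply the naming heuristics to one Run value or O4 entry."""
    out = []
    if BRACED_RE.match(name):
        kind = "GUID" if GUID_RE.fullmatch(name) else "brace-wrapped non-GUID"
        out.append(Finding(line, f"autorun value named by a {kind} string"))
    if GUID_RE.search(cmd):
        out.append(Finding(line, "autorun target file named by a GUID"))
    m = RUNDLL_RE.search(cmd)
    if m:
        dll = m["qdll"] or m["dll"]
        where = "unqualified DLL name (search-path resolution)" if "\\" not in dll else dll
        out.append(Finding(line, f"rundll32 autorun: {where}, export {m['export']}"))
    if meta == "BU":
        # Assumption: ComboFix prints [BU] where it recorded no date/size for the target.
        out.append(Finding(line, "ComboFix printed [BU]: no date/size recorded for target"))
    return out


def triage(text: str) -> list:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HK"):
            current_key = line.lower()
            continue
        m = CF_VALUE_RE.match(line)
        if m and current_key.endswith("\\run]"):
            findings += _check_autorun(m["name"], m["cmd"], m["meta"], line)
            continue
        m = HJT_O4_RE.match(line)
        if m:
            findings += _check_autorun(m["name"], m["cmd"], "", line)
            continue
        if "security center]" in current_key:
            m = SECCENTER_RE.match(line)
            if m:
                findings.append(Finding(line, f"Security Center {m['key']}=1: warning suppressed"))
            continue
        if "active setup" in current_key and RUNDLL_RE.search(line):
            findings += _check_autorun("", line, "", line)
    return findings


def flagged_lines(text: str) -> set:
    """Distinct log lines that produced at least one finding."""
    return {f.line for f in triage(text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:60} <- {f.line}")
```

Run against the sample, the stock entries (ctfmon, the igfx loaders, iTunesHelper) pass clean and the GUID-named values, the GUID-named DLL, both rundll32 loaders and all three Security Center overrides are flagged. Note what the heuristics miss: the `ExploreUpdSched` value pointing at `mcntqtdl.exe` has an ordinary-looking name and goes through unflagged, and the alternate data stream catchme reported on `svchost(2).exe:ext.exe` is not visible in these registry lines at all. Naming rules like these narrow a log for a human reader; they do not replace one.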
Invision Power Board © 2001-2009 Invision Power Services, Inc.