#8 - 08-22-2007 - Pancake (Senior Security Analyst)
Re: Detecting Array...

Ok. Let's start with this...

Download combofix from here:
http://www.techsupportforum.com/sect...s/ComboFix.exe
or....
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Save it directly to your desktop**
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post a new HJT when done.


__________________
My real name is Eddy

Last edited by Pancake; 08-22-2007 at 08:19 AM.
#9 - 08-23-2007 - SeanMathew (Bronze Member)
Re: Detecting Array...

ComboFix 07-08-17.2 - "kmathew" 2006-01-12 18:58:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.607 [GMT -6:00]


((((((((((((((((((((((((( Files Created from 2005-12-13 to 2006-01-13 )))))))))))))))))))))))))))))))


2006-01-24 21:52 255,488 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-01-24 21:52 1,478,656 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-01-24 21:47 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-01-24 21:47 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-01-24 21:46 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-01-24 21:46 41,472 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-01-24 21:46 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-01-24 21:45 405,504 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-01-24 21:44 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-01-24 21:36 2,604,128 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-01-24 21:30 860,192 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-01-24 21:30 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-01-24 21:16 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-01-24 21:16 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-01-24 21:15 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2006-01-24 21:13 5,115,904 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-01-24 21:10 258,048 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-01-24 20:29 282,624 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-01-11 06:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2006-01-09 14:42 <DIR> d-------- C:\Program Files\Wal-Mart
2006-01-09 14:42 <DIR> d-------- C:\Program Files\Common Files\HP
2006-01-09 14:42 <DIR> d-------- C:\DOCUME~1\kmathew\APPLIC~1\Wal-Mart Digital Photo Manager
2006-01-06 22:20 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2006-01-06 22:20 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2006-01-06 22:18 23,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2006-01-06 22:18 1,100,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2006-01-06 22:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2006-01-06 22:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2006-01-06 22:00 <DIR> d-------- C:\KAV
2006-01-04 20:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2006-01-04 20:08 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2006-01-04 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2006-01-04 19:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-01-04 19:30 <DIR> d-------- C:\DOCUME~1\kmathew\APPLIC~1\SUPERAntiSpyware.com
2006-01-02 03:38 531 --a------ C:\WINDOWS\eReg.dat
2006-01-01 16:13 <DIR> d-------- C:\Program Files\Pop up Blocker
2006-01-01 04:12 1 --a------ C:\WINDOWS\system32\ps.dat
2006-01-01 03:56 49,152 --a------ C:\WINDOWS\system32\park31.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 22:31 --------- d-------- C:\Program Files\Lavasoft
2007-08-08 21:59 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\WinRAR
2007-08-08 11:00 --------- d-------- C:\Program Files\LimeWire
2007-08-08 10:06 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-07 15:52 --------- d-------- C:\Program Files\QuickTime
2007-08-07 15:50 --------- d-------- C:\Program Files\Apple Software Update
2007-08-06 14:59 --------- d-------- C:\Program Files\SpyZooka
2007-08-06 14:59 --------- d-------- C:\Program Files\Google
2007-08-06 14:09 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\LimeWire
2007-07-30 09:54 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\MSN6
2007-07-19 19:23 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-12 00:43 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Ventrilo
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2007-06-28 12:50 22457 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-06-20 16:11 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-06-15 00:32 --------- d-------- C:\Program Files\DivX
2007-06-11 12:48 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Talkback
2007-06-04 14:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 14:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 14:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-28 11:43 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Help
2007-05-26 18:40 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Google
2007-05-25 12:40 --------- d-------- C:\Program Files\Windows NT
2007-05-25 09:53 8738 --a------ C:\WINDOWS\pchealth\HELPCTR\Config\Cntstore.bin
2007-05-25 09:53 2112 --a------ C:\WINDOWS\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-05-24 08:03 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Smart Recorder
2007-05-24 08:01 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Creative
2007-05-23 11:40 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-05-23 11:25 --------- d-------- C:\Program Files\Creative
2007-05-23 11:04 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-05-23 10:21 2706760 --a------ C:\WINDOWS\system32\prebak.reg
2007-05-23 10:19 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\ATI
2007-05-23 10:12 --------- d-------- C:\Program Files\ATI Technologies
2007-05-23 09:29 --------- d-------- C:\Program Files\Messenger
2007-05-23 09:13 --------- d-------- C:\Program Files\microsoft frontpage
2007-05-23 09:12 0 -rahs---- C:\MSDOS.SYS
2007-05-23 09:12 0 -rahs---- C:\IO.SYS
2007-05-23 09:12 0 --a------ C:\CONFIG.SYS
2007-05-23 09:12 0 --a------ C:\AUTOEXEC.BAT
2007-05-23 09:10 --------- d-------- C:\Program Files\Online Services
2007-05-23 09:10 --------- d-------- C:\Program Files\Movie Maker
2007-05-23 09:09 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-05-23 01:33 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-23 01:33 --------- d-------- C:\Program Files\Common Files\ODBC
2007-04-28 16:51 110360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-04-22 18:15 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-04-22 18:15 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-04-13 14:19 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-04-04 14:58 24344 --a------ C:\WINDOWS\system32\drivers\klim5.sys
2007-03-05 12:34 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
2006-01-26 07:57 520192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2006-01-24 22:01 26928 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2006-01-24 21:28 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-01-12 03:47 3212 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2006-01-12 03:47 14588 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2006-01-11 06:33 90112 --a------ C:\WINDOWS\UpdReg.EXE
2006-01-11 05:36 --------- d---s---- C:\Program Files\Xfire
2006-01-11 05:35 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\U3
2006-01-11 02:53 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Xfire
2006-01-06 22:41 --------- d-------- C:\Program Files\World of Warcraft
2006-01-04 19:29 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-01-02 03:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
2006-01-02 03:47 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-01-02 03:29 --------- d-------- C:\Program Files\EA GAMES


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B61C6CA3-77BF-4299-AB70-5019FCD4AF09}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 15:10]
"P17Helper"="P17.dll" [2005-05-02 21:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2006-01-11 06:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"WMDM PMSP Service"="C:\WINDOWS\system32\cssrss.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"Nhe"="C:\WINDOWS\T?sks\t?skmgr.exe" []
"Pop up Blocker"="C:\Program Files\Pop up Blocker\pd.exe" [2007-01-12 15:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Balo"="C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-06 17:52:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\System32\DRIVERS\nvcchflt.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\System32\drivers\P17.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-07 21:50:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-01-12 19:15:56
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2006-01-12 19:17:10
C:\ComboFix-quarantined-files.txt ... 2006-01-12 19:16
C:\ComboFix2.txt ... 2006-01-12 04:02

--- E O F ---


This is what it gave me after that test


#10 - 08-23-2007 - SeanMathew (Bronze Member)
Re: Detecting Array...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:40 PM, on 1/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\kmathew\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = N O G G I N: Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Nhe] C:\WINDOWS\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Balo] "C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe " -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PD - {BEA54446-221F-4BEE-98F1-81815E50CEC9} - C:\Program Files\Pop up Blocker\pd.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5245 bytes


#11 - 08-23-2007 - Pancake (Senior Security Analyst)
Re: Detecting Array...

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\WINDOWS\T?sks\t?skmgr.exe /a h > files.txt
notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here.

=============================

• Uninstall the following programs if present
- Go to Start > Control Panel > Add/Remove Programs
- Select the following, one at a time, and click Remove for each one
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
If OIN not listed, download and run this uninstaller
http://www.outerinfo.com/OiUninstaller.exe
Reboot when done! Really important!

============================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKCU\..\Run: [Nhe] C:\WINDOWS\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [Balo] "C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe " -vt ndrv
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx


Open Windows Explorer and delete the following highlighted file/s

C:\WINDOWS\system32\cssrss.exe

Reboot and post a new HJT log..


__________________
My real name is Eddy

Last edited by Pancake; 08-23-2007 at 11:39 PM.
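
A triage sketch for the logs in this thread, added here and not part of any post or of ComboFix/HijackThis: it pairs ComboFix Run-key values with their HijackThis O4 lines and reports those where ComboFix printed no file timestamp (`[]`) or the path contains `?`. Both heuristics are assumptions read off how the three O4 entries listed in post #11 appear in the posted logs; the function names are hypothetical.

```python
import re

# Lines copied from the ComboFix and HijackThis logs posted in this thread
# (spaces the forum inserted inside "CurrentVersion" and "winword.exe" in the
# ComboFix excerpt are removed); excerpts only, not the full logs.
COMBOFIX_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2006-01-11 06:33]
"P17Helper"="P17.dll" [2005-05-02 21:38 C:\WINDOWS\system32\P17.dll]
"WMDM PMSP Service"="C:\WINDOWS\system32\cssrss.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14]
"Nhe"="C:\WINDOWS\T?sks\t?skmgr.exe" []
"Balo"="C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
'''

HJT_LOG = r'''
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nhe] C:\WINDOWS\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [Balo] "C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe " -vt ndrv
'''

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
# Section header of a Run key in the ComboFix "Reg Loading Points" block.
RUN_KEY = re.compile(r'^\[(HKEY_[A-Z_]+)\\.*\\CurrentVersion\\Run\]$', re.I)
# "ValueName"="data" [file timestamp, possibly empty]
RUN_VAL = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
# HijackThis O4 line for a Run value: hive, [ValueName], command line.
O4_LINE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$')


def flagged_run_values(combofix_text):
    """Return {(hive, value name): [reasons]} for Run values worth a second look."""
    flagged, hive = {}, None
    for raw in combofix_text.splitlines():
        line = raw.strip()
        key = RUN_KEY.match(line)
        if key:
            hive = HIVES.get(key.group(1).upper())
            continue
        if line.startswith("["):
            hive = None  # some other registry key: stop collecting values
            continue
        val = RUN_VAL.match(line)
        if not (val and hive):
            continue
        name, path, stamp = val.groups()
        reasons = []
        if not stamp.strip():
            # Assumption: ComboFix prints [] when it shows no file timestamp.
            reasons.append("no file timestamp")
        if "?" in path:
            # Assumption: '?' stands for a character the log could not render.
            reasons.append("unrenderable character in path")
        if reasons:
            flagged[(hive, name)] = reasons
    return flagged


def o4_lines_to_review(combofix_text, hjt_text):
    """Pair each flagged Run value with its HijackThis O4 line, in log order."""
    flagged = flagged_run_values(combofix_text)
    out = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = O4_LINE.match(line)
        if m and (m.group(1), m.group(2)) in flagged:
            out.append((line, flagged[(m.group(1), m.group(2))]))
    return out


if __name__ == "__main__":
    for line, reasons in o4_lines_to_review(COMBOFIX_LOG, HJT_LOG):
        print(line)
        print("    -> " + "; ".join(reasons))
```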
#12 - 08-24-2007 - SeanMathew (Bronze Member)
Re: Detecting Array...

ComboFix 07-08-17.2 - "kmathew" 2006-01-12 3:35:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.540 [GMT -6:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\DOCUME~1\kmathew.\svchost.exe
C:\DOCUME~1\kmathew\APPLIC~1.\ymante~1
C:\DOCUME~1\kmathew\APPLIC~1.\ymante~1\?ymantec\
C:\DOCUME~1\kmathew\APPLIC~1\..\err.log
C:\DOCUME~1\kmathew\Desktop.\internet explorer.lnk
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\Program Files\Common Files\companion wizard\WapCHK.dll
C:\Program Files\inetget2
C:\Program Files\ISM
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\notedad.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\arutbr.dll
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\B1\chkq22011.exe
C:\WINDOWS\system32\boa.dat
C:\WINDOWS\system32\cgasvslj.ini
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\svchost.exe
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\gdsjltho.ini
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\iojytfwq.ini
C:\WINDOWS\system32\iojytfwq.ini2
C:\WINDOWS\system32\jlsvsagc.dll
C:\WINDOWS\system32\lxsklepq.dll
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\ohtljsdg.dll
C:\WINDOWS\system32\qpelksxl.ini
C:\WINDOWS\system32\qwftyjoi.dll
C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini2
C:\WINDOWS\system32\vvvwa.tmp
C:\WINDOWS\system32\win
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y2
C:\WINDOWS\tsks~1
C:\WINDOWS\tsks~1\t?skmgr.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_DRIVER
-------\LEGACY_NET_AGENT
-------\LEGACY_NEW_DRV
-------\LEGACY_NTNDIS


((((((((((((((((((((((((( Files Created from 2005-12-12 to 2006-01-12 )))))))))))))))))))))))))))))))


2006-01-24 21:52 255,488 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-01-24 21:52 1,478,656 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-01-24 21:47 77,824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-01-24 21:47 114,688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-01-24 21:46 61,440 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-01-24 21:46 41,472 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-01-24 21:46 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-01-24 21:45 405,504 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-01-24 21:44 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-01-24 21:36 2,604,128 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-01-24 21:30 860,192 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-01-24 21:30 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-01-24 21:16 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-01-24 21:16 151,552 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-01-24 21:15 40,960 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2006-01-24 21:13 5,115,904 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-01-24 21:10 258,048 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-01-24 20:29 282,624 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-01-11 06:27 51,200 --a------ C:\WINDOWS\nircmd.exe
2006-01-09 14:42 <DIR> d-------- C:\Program Files\Wal-Mart
2006-01-09 14:42 <DIR> d-------- C:\Program Files\Common Files\HP
2006-01-09 14:42 <DIR> d-------- C:\DOCUME~1\kmathew\APPLIC~1\Wal-Mart Digital Photo Manager
2006-01-06 22:20 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2006-01-06 22:20 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2006-01-06 22:18 856,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2006-01-06 22:18 23,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2006-01-06 22:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2006-01-06 22:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2006-01-06 22:00 <DIR> d-------- C:\KAV
2006-01-04 20:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2006-01-04 20:08 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2006-01-04 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2006-01-04 19:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-01-04 19:30 <DIR> d-------- C:\DOCUME~1\kmathew\APPLIC~1\SUPERAntiSpyware.com
2006-01-02 03:38 531 --a------ C:\WINDOWS\eReg.dat
2006-01-01 16:13 <DIR> d-------- C:\Program Files\Pop up Blocker
2006-01-01 04:12 1 --a------ C:\WINDOWS\system32\ps.dat
2006-01-01 03:56 49,152 --a------ C:\WINDOWS\system32\park31.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 22:31 --------- d-------- C:\Program Files\Lavasoft
2007-08-08 21:59 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\WinRAR
2007-08-08 11:00 --------- d-------- C:\Program Files\LimeWire
2007-08-08 10:06 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-07 15:52 --------- d-------- C:\Program Files\QuickTime
2007-08-07 15:50 --------- d-------- C:\Program Files\Apple Software Update
2007-08-06 14:59 --------- d-------- C:\Program Files\SpyZooka
2007-08-06 14:59 --------- d-------- C:\Program Files\Google
2007-08-06 14:09 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\LimeWire
2007-07-30 09:54 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\MSN6
2007-07-19 19:23 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-12 00:43 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Ventrilo
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2007-06-28 12:50 22457 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-06-20 16:11 --------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-06-15 00:32 --------- d-------- C:\Program Files\DivX
2007-06-11 12:48 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Talkback
2007-06-04 14:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 14:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 14:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-28 11:43 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Help
2007-05-26 18:40 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Google
2007-05-25 12:40 --------- d-------- C:\Program Files\Windows NT
2007-05-25 09:53 8738 --a------ C:\WINDOWS\pchealth\HELPCTR\Config\Cntstore.bin
2007-05-25 09:53 2112 --a------ C:\WINDOWS\pchealth\HELPCTR\PackageStore\SkuStore.bin
2007-05-24 08:03 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Smart Recorder
2007-05-24 08:01 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Creative
2007-05-23 11:40 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-05-23 11:25 --------- d-------- C:\Program Files\Creative
2007-05-23 11:04 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-05-23 10:21 2706760 --a------ C:\WINDOWS\system32\prebak.reg
2007-05-23 10:19 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\ATI
2007-05-23 10:12 --------- d-------- C:\Program Files\ATI Technologies
2007-05-23 09:29 --------- d-------- C:\Program Files\Messenger
2007-05-23 09:13 --------- d-------- C:\Program Files\microsoft frontpage
2007-05-23 09:12 0 -rahs---- C:\MSDOS.SYS
2007-05-23 09:12 0 -rahs---- C:\IO.SYS
2007-05-23 09:12 0 --a------ C:\CONFIG.SYS
2007-05-23 09:12 0 --a------ C:\AUTOEXEC.BAT
2007-05-23 09:10 --------- d-------- C:\Program Files\Online Services
2007-05-23 09:10 --------- d-------- C:\Program Files\Movie Maker
2007-05-23 09:09 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-05-23 01:33 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-23 01:33 --------- d-------- C:\Program Files\Common Files\ODBC
2007-04-28 16:51 110360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-04-22 18:15 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-04-22 18:15 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-04-13 14:19 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-04-04 14:58 24344 --a------ C:\WINDOWS\system32\drivers\klim5.sys
2007-03-05 12:34 676224 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
2006-01-26 07:57 520192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2006-01-24 22:01 26928 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2006-01-24 21:28 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-01-12 03:47 3212 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2006-01-12 03:47 14588 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2006-01-11 06:33 90112 --a------ C:\WINDOWS\UpdReg.EXE
2006-01-11 05:36 --------- d---s---- C:\Program Files\Xfire
2006-01-11 05:35 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\U3
2006-01-11 02:53 --------- d-------- C:\DOCUME~1\kmathew\APPLIC~1\Xfire
2006-01-06 22:41 --------- d-------- C:\Program Files\World of Warcraft
2006-01-04 19:29 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-01-02 03:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
2006-01-02 03:47 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-01-02 03:29 --------- d-------- C:\Program Files\EA GAMES


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B61C6CA3-77BF-4299-AB70-5019FCD4AF09}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 15:10]
"P17Helper"="P17.dll" [2005-05-02 21:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2006-01-11 06:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"WMDM PMSP Service"="C:\WINDOWS\system32\cssrss.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"Nhe"="C:\WINDOWS\T?sks\t?skmgr.exe" []
"Pop up Blocker"="C:\Program Files\Pop up Blocker\pd.exe" [2007-01-12 15:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Balo"="C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-06 17:52:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\System32\DRIVERS\nvcchflt.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\System32\drivers\P17.sys


Contents of the 'Scheduled Tasks' folder
2007-08-07 21:50:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-01-12 03:48:40
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2006-01-12 4:02:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2006-01-12 03:52

--- E O F ---


  #13  
Old 08-24-2007
Bronze Member
 
Join Date: Aug 2007
Posts: 8
SeanMathew
Default Re: Detecting Array...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:40 PM, on 1/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\kmathew\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = N O G G I N: Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Nhe] C:\WINDOWS\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Balo] "C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe " -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: PD - {BEA54446-221F-4BEE-98F1-81815E50CEC9} - C:\Program Files\Pop up Blocker\pd.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5245 bytes


  #14  
Old 08-24-2007
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,555
PC Experience: Elite PC Guru
Default Re: Detecting Array...

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.
O4 - HKCU\..\Run: [Nhe] C:\WINDOWS\T?sks\t?skmgr.exe
O4 - HKCU\..\Run: [Balo] "C:\DOCUME~1\kmathew\APPLIC~1\YMANTE~1\winword.exe " -vt ndrv
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx


Before we go any further with this cleanup, download and install SP2 and then post a new HJT log.


__________________
My real name is Eddy
