Topic: slow running computer and pop ups

jnick3810
« on: December 30, 2007, 05:05:31 PM »
Hello, I'm new to this; this is my first post. I'm having some serious computer issues, and before I take it to someone else and pay them to fix it I thought I would give it a try. A friend of mine told me about this forum and HijackThis, so I thought I would give it a try. It's pretty hard to describe what is going on with my computer, but I will try.

It's running really slow, my homepage has been changed to ucleaner.com, I'm getting a pop-up that says I'm infected with Worm.Win32.NetSky, I'm also getting a "Windows Security Alert" saying that Windows has detected an internet attack... somebody's trying to infect your PC with spyware... etc. I'm also getting an "XP Antivirus 2008 - threats detected" pop-up, and my computer is changing the tabs on its own... for example, if I have one page up and some others behind it, it will change between them on its own... sorry for the long-winded description.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:30:50 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: alxvdvm - {7A63B55B-932A-4F9A-979D-EEE0FB56B2E2} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {76BCA9F3-94C4-45C4-A015-2B2C80FCD25F} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

Any help would be greatly appreciated.

Thank you,
Justin

guestolo
« Reply #1 on: December 30, 2007, 05:31:25 PM »
Quote: "sorry for the long winded description"

I like it when users post a description of their problems; it helps out. :)

Can we do the following, please?

Download SmitfraudFix (by S!Ri).
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).

Post back both of the following:

1. Post the log from SmitfraudFix.

2. Also, can you update your version of HijackThis?
Download the HijackThis installer from HERE.
For an alternate download location, you can try HERE.
SAVE it to your desktop.
Double-click HJTInstall.exe to run it.
Choose Install.

HijackThis v2.0.2 will open.

Under Main Menu, select
Do a system scan and save a log file.
A log will open in Notepad.
Copy and paste the whole log back here to the forum.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


jnick3810
« Reply #2 on: December 30, 2007, 05:48:09 PM »
Alright, I downloaded those two things and ran them; here's what I got.
 

SmitFraudFix v2.274

Scan done at 16:42:21.54, Sun 12/30/2007
Run from C:\Program Files\BitLord\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Justin Nichols


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Justin Nichols\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUSTIN~1\FAVORI~1

C:\DOCUME~1\JUSTIN~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\JUSTIN~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\JUSTIN~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\JUSTIN~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com EtherLink 10/100 PCI TX NIC (3C905B-TX) - Packet Scheduler Miniport
DNS Server Search Order: 204.127.203.135
DNS Server Search Order: 216.148.225.135

Description: 3Com EtherLink 10/100 PCI TX NIC (3C905B-TX) - Packet Scheduler Miniport
DNS Server Search Order: 204.127.203.135
DNS Server Search Order: 216.148.225.135

HKLM\SYSTEM\CCS\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:49 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: alxvdvm - {7A63B55B-932A-4F9A-979D-EEE0FB56B2E2} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {76BCA9F3-94C4-45C4-A015-2B2C80FCD25F} - C:\WINDOWS\bvtqfvx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7612 bytes


Thanks again.

guestolo
« Reply #3 on: December 30, 2007, 06:14:37 PM »
Good work, let's see what we can clear with the next couple of steps.
Then we'll deal with the leftovers afterwards.

Can you do the following?
You may want to print these instructions or save them to a text file on the desktop for reference.

Do a "System scan only" with HijackThis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll

O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: alxvdvm - {7A63B55B-932A-4F9A-979D-EEE0FB56B2E2} - C:\WINDOWS\alxvdvm.dll
O21 - SSODL: bvtqfvx - {76BCA9F3-94C4-45C4-A015-2B2C80FCD25F} - C:\WINDOWS\bvtqfvx.dll


After you have ticked the above entries, close all other open windows,
including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Afterwards:
Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
In Safe Mode:

Enter Add/Remove Programs; IF XP Antivirus is listed,
uninstall it.
Remain in Safe Mode.

Open the SmitfraudFix folder again and double-click smitfraudfix.cmd.

=============================================================
Select option #2 - Clean by typing 2 and pressing "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and pressing "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't,
boot to normal Windows.
I'll need to see the log it generates later; by default it is located at
C:\rapport.txt
=============================================================

Back in Windows:

Download this file - Combofix.exe - and save it ONLY to your desktop.

Double-click combofix.exe and follow the prompts.
When finished, it will produce a log for you.
Its default location is C:\Combofix.txt

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Afterwards, do the following:

1. Post the log from ComboFix.

2. Post the new log from SmitfraudFix >> C:\Rapport.txt

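The entries guestolo ticked in Reply #3 follow a few recognisable patterns: registrations that point at a file that no longer exists, BHO/toolbar/SSODL DLLs with generated names dropped straight into C:\WINDOWS, the rogue "XP Antivirus" autostart, IE restriction policies under HKCU, a nameless ActiveX (DPF) entry, and an Active Desktop component rendering a local HTML page. The script below is an added example, not part of this thread and not part of HijackThis: it encodes those patterns as heuristics and runs them over an excerpt of the log posted in Reply #2. The rogue-name list, the trusted-host allowlist, the random-name detector and the "fix"/"review" split are my assumptions; treat hits as prompts for a look, not as verdicts.

```python
"""Triage a HijackThis log: flag the entries worth ticking for "Fix checked".
Added example, not part of HijackThis or of this thread; the rules are my own
heuristics modelled on guestolo's picks in Reply #3 and give prompts, not verdicts."""
import re
from dataclasses import dataclass

# Rogue "security" products seen on this page (XP Antivirus in the O4 line, the
# WinFixer/ErrorSafe family sinkholed in hosts). Illustrative list, an assumption.
ROGUE_NAMES = ("xp antivirus", "winfixer", "winantivirus", "winantispyware",
               "errorsafe", "drivecleaner", "systemdoctor", "errorprotector")
TRUSTED_URL_HOSTS = ("go.microsoft.com", "www.microsoft.com", "www.msn.com")  # assumed allowlist for a stock IE7

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
WINROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\([^\\]+)\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    code: str      # HijackThis section, e.g. "O2"
    severity: str  # "fix" (tick it) or "review" (look before ticking)
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Crude detector for generated names such as domnftwwrn: letters only with few
    vowels or a long consonant run. Abbreviations like msmsgs trip it too, so it is
    only applied to DLLs sitting in the Windows root."""
    stem = name.lower()
    if not stem.isalpha() or len(stem) < 6:
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    runs = (len(r) for r in re.findall(r"[^aeiouy]+", stem))
    return vowels / len(stem) < 0.25 or max(runs, default=0) >= 4


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, header lines, blanks
        code, body = m.group("code"), m.group("body")
        lowered = body.lower()
        # 1. Registry still points at a file that is gone: dead pointer, safe to drop.
        if "(no file)" in lowered or "(file missing)" in lowered:
            findings.append(Finding(code, "fix", "dangling entry, target file missing", line))
        # 2. Start/search page pointing anywhere but the vendor default.
        elif code in ("R0", "R1"):
            url = re.search(r"=\s*(\S+)$", body)
            host = re.sub(r"^\w+://", "", url.group(1)).split("/")[0].lower() if url else ""
            if host and host not in TRUSTED_URL_HOSTS:
                findings.append(Finding(code, "review", f"start/search page set to {host}", line))
        # 3. BHO / toolbar / SSODL DLL dropped straight into the Windows directory.
        elif code in ("O2", "O3", "O21"):
            path = PATH_RE.search(body)
            dll = WINROOT_DLL_RE.match(path.group(0)) if path else None
            if dll and looks_random(dll.group(1)):
                findings.append(Finding(code, "fix", "random-named DLL in Windows root", line))
            elif dll:
                findings.append(Finding(code, "review", "DLL loaded from Windows root", line))
        # 4. Autostart of a rogue "antivirus": the source of the fake threat pop-ups.
        elif code == "O4" and any(n in lowered for n in ROGUE_NAMES):
            findings.append(Finding(code, "fix", "autostart of rogue security product", line))
        # 5. IE restriction policies under HKCU, set by the hijacker to lock its homepage.
        elif code == "O6":
            findings.append(Finding(code, "fix", "IE restrictions policy present", line))
        # 6. ActiveX download (DPF) entry with neither a name nor a source URL.
        elif code == "O16" and body.endswith("-"):
            findings.append(Finding(code, "fix", "nameless ActiveX download entry", line))
        # 7. Active Desktop component rendering a local HTML file: the scare wallpaper.
        elif code == "O24" and "file:///" in lowered:
            findings.append(Finding(code, "fix", "Active Desktop component from local file", line))
        # 8. Winlogon Notify / AppInit_DLLs load early into every session: always look.
        elif code == "O20":
            findings.append(Finding(code, "review", "early-load DLL (Winlogon Notify/AppInit)", line))
    return findings


# Excerpt of the HijackThis log from Reply #2, benign lines included as negatives.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BDEX System - {87EF7048-8905-4E82-862E-65004D4DFA80} - C:\WINDOWS\domnftwwrn.dll
O3 - Toolbar: The emlkdvo - {13EDA0D4-F00D-43B9-8EF2-6313909D3143} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantivirus.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: alxvdvm - {7A63B55B-932A-4F9A-979D-EEE0FB56B2E2} - C:\WINDOWS\alxvdvm.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.code:4} {f.reason:42} {f.line[:60]}")
```

Run it directly to print the findings; in practice you paste the whole HijackThis log into triage() and hand the "fix" lines back as the checklist. Two design points: the allowlist in rule 2 deliberately also flags the Yahoo search bar (which guestolo ticked as well), because anything other than the vendor default deserves a look rather than an automatic verdict; and the random-name heuristic is only applied to DLLs in the Windows root, since legitimate abbreviations such as msmsgs or BCMSMMSG would otherwise trip it.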


guestolo
« Reply #4 on: December 30, 2007, 06:22:43 PM »
I forgot to include this one when you do the fixes with HijackThis.
If you haven't started yet, can you include it with the entries to Fix Checked, please?
If you already have started and don't see this post till afterwards, don't worry about it; we'll get it later, but more than likely SmitfraudFix will deal with it.

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm



jnick3810
« Reply #5 on: December 30, 2007, 07:04:15 PM »
Alright, I went through the steps you laid out. Thank you, and here are my reports.

SmitFraudFix v2.274

Scan done at 17:39:10.26, Sun 12/30/2007
Run from C:\Program Files\BitLord\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\JUSTIN~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\JUSTIN~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\JUSTIN~1\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\JUSTIN~1\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{39A343CE-78D4-472D-8368-F06B74D7E6BC}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{40B55A71-9729-4B0B-B135-AE080A3F59C5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





ComboFix 07-12-31.4 - Justin Nichols 2007-12-30 17:51:55.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.189 [GMT -6:00]
Running from: C:\Documents and Settings\Justin Nichols\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\History\search
C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\bvtqfvx.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\domnftwwrn.dll
C:\WINDOWS\emlkdvo.dll
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-31  )))))))))))))))))))))))))))))))
.

2007-12-30 17:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 17:49 . 2007-12-30 17:49 268 --ah----- C:\sqmdata05.sqm
2007-12-30 17:49 . 2007-12-30 17:49 244 --ah----- C:\sqmnoopt05.sqm
2007-12-30 17:31 . 2007-12-30 17:31 268 --ah----- C:\sqmdata04.sqm
2007-12-30 17:31 . 2007-12-30 17:31 244 --ah----- C:\sqmnoopt04.sqm
2007-12-30 17:29 . 2007-12-30 17:29 268 --ah----- C:\sqmdata03.sqm
2007-12-30 17:29 . 2007-12-30 17:29 244 --ah----- C:\sqmnoopt03.sqm
2007-12-30 16:43 . 2007-12-30 17:39 1,808 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-30 16:38 . 2007-12-30 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 15:13 . 2007-12-30 15:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 15:13 . 2007-12-30 15:13 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 15:12 . 2007-12-30 15:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 15:12 . 2007-12-30 15:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 14:51 . 2007-12-30 14:51 244 --ah----- C:\sqmnoopt02.sqm
2007-12-30 14:51 . 2007-12-30 14:51 232 --ah----- C:\sqmdata02.sqm
2007-12-30 11:18 . 2007-12-30 11:18 268 --ah----- C:\sqmdata01.sqm
2007-12-30 11:18 . 2007-12-30 11:18 244 --ah----- C:\sqmnoopt01.sqm
2007-12-30 02:02 . 2007-12-30 02:02 268 --ah----- C:\sqmdata00.sqm
2007-12-30 02:02 . 2007-12-30 02:02 244 --ah----- C:\sqmnoopt00.sqm
2007-12-27 21:26 . 2007-12-27 21:26 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-27 00:39 . 2007-12-27 00:39 <DIR> d-------- C:\Program Files\MediaSupplyCodec
2007-12-16 01:45 . 2007-12-16 02:02 <DIR> d-------- C:\Documents and Settings\Justin Nichols\Contacts
2007-12-16 01:44 . 2007-12-16 01:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-17 00:15 . 2007-11-17 00:33 <DIR> d-------- C:\Program Files\3wPlayer
2007-11-14 15:22 . 2007-12-24 10:56 <DIR> d-------- C:\Documents and Settings\Justin Nichols\Application Data\MSN6
2007-11-14 15:22 . 2007-11-14 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 23:49 --------- d-----w C:\Program Files\ICQ
2007-12-28 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 04:10 --------- d-----w C:\Documents and Settings\Justin Nichols\Application Data\My Games
2007-12-28 04:02 --------- d-----w C:\Program Files\EA GAMES
2007-12-28 03:49 --------- d-----w C:\Program Files\Firaxis Games
2007-12-28 03:42 --------- d-----w C:\Program Files\EA SPORTS
2007-12-23 17:56 --------- d-----w C:\Program Files\PartyGaming
2007-12-16 07:45 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Meal Memo Free View
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2004-09-28 02:00 457 -c--a-w C:\Program Files\INSTALL.LOG
2004-10-06 05:56 57,344 -csha-w C:\WINDOWS\lbbho.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-12-08 16:50 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28 684032]
"Mirabilis ICQ"="C:\PROGRA~1\ICQ\ICQNet.exe" [2003-10-14 10:36 38984]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-14 15:20 1838592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 01000000
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:57:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini 192 bytes
C:\WINDOWS\Windows Update.log 14646 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1594268 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\WININIT.INI 10 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\wmsetup.log 135110 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WRUninstall.dll 478720 bytes executable
C:\WINDOWS\xpsp1hfm.log 1371 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes

scan completed successfully
hidden files: 17

**************************************************************************
.
Completion time: 2007-12-31 17:59:00
C:\qoobox\ComboFix-quarantined-files.txt  2007-12-31 23:58:58
.
2007-12-13 09:05:54 --- E O F ---  



The smitfraudfix.cmd never asked me to check, or didn't ever prompt that it was ever checking, wininet.dll. Also, I went through my Add/Remove Programs and I didn't see the XP virus scan on it. The tools got rid of the other icons on my desktop that I didn't put there, but the XP Antivirus one is still there.

Other than that, things are definitely running a lot smoother. Thank you so much for taking the time to help.

 

justin

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
slow running computer and pop ups
« Reply #6 on: December 30, 2007, 07:47:00 PM »
We still have a bit more cleaning to do.

Open Notepad and copy/paste the text in the quote box below into it:
Don't use anything other than Notepad or the script will not work.

Quote
File::
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\lbbho.dll
Folder::
C:\Program Files\XP Antivirus
C:\Program Files\MediaSupplyCodec
C:\Documents and Settings\All Users\Application Data\Meal Memo Free View

Save this as a text file on your desktop named
CFScript

Drag CFScript.txt onto ComboFix.exe.
ComboFix will start >> Follow the prompts.
Don't mouse click on it; let it complete.

When finished, it shall produce a log for you again, with the same name, C:\ComboFix.txt.
I'll need to see that log again later.

Supply an uninstall list from HijackThis:
Open HijackThis >> Open MISC TOOLS SECTION >> Open UNINSTALL MANAGER.
Click the SAVE LIST... button.
Save the list to your desktop, then copy >> paste back here the whole contents along with the fresh log from ComboFix.
« Last Edit: December 30, 2007, 08:04:25 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline jnick3810

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
slow running computer and pop ups
« Reply #7 on: December 30, 2007, 11:01:19 PM »
Alright, I did those two things. Here are the logs.


           
Ad-Aware SE Professional
Adobe Flash Player 9
AdvancedDVDPlayer 1.13
Age of Empires III
AOL Instant Messenger
Ares 1.8.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BCM V.92 56K Modem
Bet On USA Poker
BitLord 0.56
BitTorrent 3.4.2
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD Jukebox Zen Xtra
DivoCodec version 1.3.0.0
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EA SPORTS online 2006
Easy CD Creator 5 Basic
Empire Earth
EQ2MAP Updater 0.9.7
FINAL FANTASY XI
FINAL FANTASY XI: Rise of the Zilart
GameSpy Arcade
Google Desktop
Google Toolbar for Firefox
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
ICQ
ICQ  Toolbar
ICQ 5
iMesh 6
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
iPod for Windows 2005-09-23
IrfanView (remove only)
iTunes
K-Lite Codec Pack 2.72 Basic
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Mozilla Firefox (1.5.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 6 Demo
PartyPoker
PerfectDisk
PlayOnline Viewer and Tetra Master
QuickTime Alternative 1.70
Real Alternative 1.49
SAM 2003
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SportsInterAction Poker
Spybot - Search & Destroy 1.4
TeamSpeak 2 RC2
TweakNow PowerPack 2006 Professional
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB20 setup program
Ventrilo Client
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar


ComboFix 07-12-31.4 - Justin Nichols 2007-12-31 21:53:31.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.159 [GMT -6:00]
Running from: C:\Documents and Settings\Justin Nichols\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin Nichols\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\WINDOWS\lbbho.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Meal Memo Free View
C:\Program Files\MediaSupplyCodec
C:\Program Files\MediaSupplyCodec\install.ico
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpantivirus.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\WINDOWS\dat.txt
C:\WINDOWS\lbbho.dll

.
(((((((((((((((((((((((((   Files Created from 2007-12-01 to 2008-01-01  )))))))))))))))))))))))))))))))
.

2007-12-31 17:57 . 2007-12-31 17:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-30 17:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 16:43 . 2007-12-30 17:39 1,808 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-30 16:38 . 2007-12-30 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 15:13 . 2007-12-30 15:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 15:13 . 2007-12-30 15:13 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 15:12 . 2007-12-30 15:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 15:12 . 2007-12-30 15:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 11:18 . 2007-12-30 11:18 244 --ah----- C:\sqmnoopt01.sqm
2007-12-16 01:45 . 2007-12-16 02:02 <DIR> d-------- C:\Documents and Settings\Justin Nichols\Contacts
2007-12-16 01:44 . 2007-12-16 01:44 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 23:49 --------- d-----w C:\Program Files\ICQ
2007-12-28 04:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 04:10 --------- d-----w C:\Documents and Settings\Justin Nichols\Application Data\My Games
2007-12-28 04:02 --------- d-----w C:\Program Files\EA GAMES
2007-12-28 03:49 --------- d-----w C:\Program Files\Firaxis Games
2007-12-28 03:42 --------- d-----w C:\Program Files\EA SPORTS
2007-12-24 16:56 --------- d-----w C:\Documents and Settings\Justin Nichols\Application Data\MSN6
2007-12-23 17:56 --------- d-----w C:\Program Files\PartyGaming
2007-12-16 07:45 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 06:33 --------- d-----w C:\Program Files\3wPlayer
2007-11-14 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2004-09-28 02:00 457 -c--a-w C:\Program Files\INSTALL.LOG
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-12-08 16:50 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28 684032]
"Mirabilis ICQ"="C:\PROGRA~1\ICQ\ICQNet.exe" [2003-10-14 10:36 38984]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-14 15:20 1838592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 01000000
"NoRecentDocsHistory"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 21:57:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini 192 bytes
C:\WINDOWS\Windows Update.log 14646 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1594768 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\WININIT.INI 10 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\wmsetup.log 135110 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WMSysPrx.prx 299552 bytes
C:\WINDOWS\WRUninstall.dll 478720 bytes executable
C:\WINDOWS\xpsp1hfm.log 1371 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes

scan completed successfully
hidden files: 17

**************************************************************************
.
Completion time: 2007-12-31 21:58:03
C:\qoobox\ComboFix-quarantined-files.txt  2008-01-01 03:57:49
C:\qoobox\ComboFix2.txt  2007-12-31 23:59:00
.
2007-12-13 09:05:54 --- E O F ---

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
slow running computer and pop ups
« Reply #8 on: December 31, 2007, 01:07:19 AM »
Can you do the following:
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and delete this file:
C:\sqmnoopt01.sqm <- this file

Reset Windows to Hide hidden files and folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Do Not Show hidden files and folders.
    * Check the Hide protected operating system files (recommended) option.
    * Click OK.

Access your Add/Remove Programs and remove the following:
Viewpoint Media Player
Follow the prompts.

Afterwards
Download HostsXpert Here and unzip it to your desktop.
Next, open HostsXpert:
  • Make sure that the "Make hosts writable?" button in the upper left corner is checked; it should read 'Make Readonly'.
  • Now, click on 'Backup/Restore'.
  • Click 'Create Backup' >> OK >> OK.
  • Then click on 'Restore MS host files' >> OK.
  • Finally, close HostsXpert.

Please download NoLop to your Desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running, as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy".
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder, then rerun the program.--
NOTE: If no infection is found,
can you manually reboot the computer anyway.

I see no AntiVirus software installed; this is NOT safe.
If I'm mistaken, or if you don't have your own to install,
I highly recommend that you install one of the following.
ONLY install one; more than one AV can, and probably will, cause conflicts.
AVG 7 by Grisoft
OR
Avast Home Edition by ALWIL
OR
Avira AntiVir Personal Edition Classic
Decide from the above 3 which you like best, install it, ensure it is updated and then run a complete system scan.
Reboot after the scan is complete.

Come back here
Please post the contents of C:\NoLop.log along with a fresh log from HijackThis
Keep me informed how things are running please
« Last Edit: December 31, 2007, 01:08:40 AM by guestolo »

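The HostsXpert "Restore MS host files" step in the post above replaces the whole hosts file, which also drops the 127.0.0.1 blocking lines that SmitfraudFix appended earlier in this thread (the lines tagged "## added by CiD"). Before wiping a hosts file it is worth knowing what is actually in it: loopback entries only block a name, while an entry that maps a hostname to a remote address silently redirects traffic, which is the hijack pattern a rogue-AV infection of this kind is known for. The following is an added example, not code from the thread or from any of the tools it mentions. The sample hosts text is constructed from a few of the SmitfraudFix entries plus the stock localhost line and one invented redirect to a TEST-NET address; the function names are mine.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample hosts file (not the poster's real file): the stock localhost
# line, three of the "## added by CiD" sinkhole lines from the SmitfraudFix log,
# and one invented redirect to a documentation (TEST-NET) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
192.0.2.10 www.example.com   # constructed hijack entry, not from the page
"""

Entry = Tuple[str, str, str]  # (ip, hostname, comment)

# One mapping line: an address, one or more hostnames, optional trailing comment.
_LINE = re.compile(r"^\s*(?P<ip>[0-9a-fA-F.:]+)\s+(?P<hosts>[^#]+?)\s*(?:#+(?P<comment>.*))?$")


def parse_hosts(text: str) -> List[Entry]:
    """Return one (ip, hostname, comment) tuple per hostname on each mapping line.

    Blank lines and pure comment lines are skipped; a line with several
    hostnames yields several entries, all sharing the address and comment.
    """
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue  # malformed line: not a mapping, ignore
        comment = (m.group("comment") or "").strip()
        for name in m.group("hosts").split():
            entries.append((m.group("ip"), name.lower(), comment))
    return entries


def classify(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Sort entries into three buckets by what the mapping actually does.

    stock     - loopback mapping of localhost itself (what a fresh hosts file has)
    sinkhole  - other names mapped to a loopback address: the name is blocked
    redirect  - names mapped to a non-loopback address: traffic is sent
                somewhere else, the pattern to investigate first
    """
    report: Dict[str, List[Entry]] = {"stock": [], "sinkhole": [], "redirect": []}
    for ip, name, comment in entries:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            # Unparsable address: treat as a redirect so it is not overlooked.
            report["redirect"].append((ip, name, comment))
            continue
        if addr.is_loopback:
            bucket = "stock" if name in ("localhost", "localhost.localdomain") else "sinkhole"
        else:
            bucket = "redirect"
        report[bucket].append((ip, name, comment))
    return report


def audit_hosts(text: str) -> Dict[str, List[Entry]]:
    """Parse and classify a hosts file's contents in one call."""
    return classify(parse_hosts(text))


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for bucket in ("redirect", "sinkhole", "stock"):
        print(f"{bucket} ({len(result[bucket])}):")
        for ip, name, comment in result[bucket]:
            print(f"  {ip:<16} {name:<28} {comment}")
```

Run it against a real file by reading C:\WINDOWS\system32\drivers\etc\hosts instead of SAMPLE_HOSTS. Anything in the redirect bucket deserves attention before the file is restored; the sinkhole bucket is what a "restore the Microsoft hosts file" step throws away, so keep a copy if you want to re-add that blocklist afterwards.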


Offline Dragon_king

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
slow running computer and pop ups
« Reply #9 on: January 01, 2008, 01:12:40 AM »
Wow, thanks for the guide guestolo. I also have a similar problem here...

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
slow running computer and pop ups
« Reply #10 on: January 01, 2008, 01:44:29 AM »
Quote from: Dragon_king on Dec 31 2007, 11:12 PM
Wow, thanks for the guide guestolo. I also have a similar problem here...

Dragon_king, I suggest that you start your own topic in this forum and supply a HijackThis log.
Not all logs are identical.
