Infected Machine - HijackThis won't run [CLOSED]
GodSpeed005
post Aug 27 2008, 12:33 PM
Post #1


Member
Posts: 83
OS: XP



Been out of the game for a while. Not sure where to start here. HijackThis won't seem to run on this machine. Desktop has been hijacked, popups, intermittent restarts. I thought I remember there being another program similar to HijackThis but can't remember. Any help is appreciated.
Egwene
post Aug 27 2008, 01:39 PM
Post #2


Trusted Helper
Posts: 2,041
From: France
OS: XP/Vista Home Basic edition



Hello GodSpeed005 !

Welcome to the site! My name's Egwene and I'll be helping clean up your computer. I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad, click Format and uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button:


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
Egwene
post Aug 27 2008, 01:53 PM
Post #3


Trusted Helper
Posts: 2,041
From: France
OS: XP/Vista Home Basic edition



Hey GodSpeed005,

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.


Help to attach ( upload ) file here :
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post



Regards,
Egwene.
GodSpeed005
post Aug 27 2008, 03:44 PM
Post #4


Member
Posts: 83
OS: XP



Attached the .run file and below is the log file contents. I was unable to upload the log file for some reason.

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : NUCKINGFUTS
Creation time : 8/27/2008 5:38:23 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.7.0.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* Y:\ewido\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
* C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* Y:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
Y:\LimeWire\LimeWire.exe (Lime Wire, LLC)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
C:\WINDOWS\system32\QckD68Xe.exe
* C:\WINDOWS\system32\rserver30\FamItrfc.Exe (Famatech International Corp.)
* C:\WINDOWS\system32\rserver30\RServer3.exe (Famatech International Corp.)
* C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
* C:\DOCUME~1\Corey\LOCALS~1\Temp\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
C:\DOCUME~1\Corey\Desktop\winzip\winzip32.exe (WinZip Computing, Inc.)

Unrated items
-------------
002 Y:\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.)
002 C:\WINDOWS\system32\braviax.exe
002 C:\WINDOWS\system32\braviax.exe
002 C:\WINDOWS\system32\lphc5h1j0eter.exe
002 C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
002 C:\WINDOWS\system32\nwiz.exe (NVIDIA Corporation)
003 C:\DOCUME~1\Corey\LOCALS~1\Temp\setup1021.exe
003 * C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (Yahoo! Inc.)
005 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
008 C:\WINDOWS\system32\braviax.exe
009 C:\WINDOWS\system32\braviax.exe
010 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service)
010 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
010 C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 * C:\WINDOWS\system32\rserver30\RServer3.exe (Radmin Server V3)
011 C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys (AVG Anti-Spyware Clean Driver)
011 C:\WINDOWS\system32\drivers\Beep.sys (Beep)
011 * C:\WINDOWS\system32\rserver30\raddrvv3.sys (raddrvv3)
030 C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
035 C:\WINDOWS\System32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
052 GUID / CLSID not found {02478D38-C3F9-4efb-9B51-7695ECA05670}
061 C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) {1CDB2949-8F65-4355-8456-263E7C208A5D}
061 C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
061 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
061 C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
061 Y:\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB) {A5110426-177D-4e08-AB3F-785F10B4439C}
061 * Y:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
061 * C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software GmbH) {44440D00-FF19-4AFC-B765-9A0970567D97}
061 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
061 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}
061 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}
061 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
062 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
069 C:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)
073 1-Click Maintenance.job : Y:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe (TuneUp Software GmbH)
073 At1.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At10.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At11.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At12.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At13.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At14.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At15.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At16.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At17.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At18.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At19.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At2.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At20.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At21.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At22.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At23.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At24.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At25.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At26.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At27.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At28.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At29.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At3.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At30.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At31.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At32.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At33.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At34.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At35.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At36.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At37.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At38.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At39.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At4.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At40.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At41.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At42.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At43.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At44.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At45.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At46.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At47.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At48.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At5.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At6.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At7.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At8.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At9.job : C:\WINDOWS\system32\Gbf8HmKF.exe
100 ProxyServer HKCU : :0
102 GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}
102 GUID / CLSID not found {4528BBE0-4E08-11D5-AD55-00010333D0AD}
102 GUID / CLSID not found {4528BBE0-4E08-11D5-AD55-00010333D0AD}
104 GUID / CLSID not found {00000161-9980-0010-8000-00AA00389B71}
104 C:\WINDOWS\DOWNLO~1\xscan60.ocx (Trend Micro Inc.) {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}
104 * C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Yahoo! Inc.) {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
104 GUID / CLSID not found {33564D57-9980-0010-8000-00AA00389B71}
104 * C:\WINDOWS\Downloaded Program Files\WMAcceptor.dll (Computer and Information Technologies) {463ED66E-431B-11D2-ADB0-0080C83DA4EB}
104 GUID / CLSID not found {5334504D-9980-0010-8000-00AA00389B71}
104 * C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll (Microsoft Corporation) {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
105 E&xport to Microsoft Excel : res://Y:\OFFICE11\EXCEL.EXE/3000
107 C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
121 C:\WINDOWS\system32\karina.dat
171 C:\WINDOWS\system32\blphc5h1j0eter.scr (Sysinternals)
173 * Y:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
173 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
173 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
221 * Y:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
221 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
221 * C:\Program Files\Yahoo!\Common\YMMAPI.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
225 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
225 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
227 * Y:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll (TuneUp Software GmbH) {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
227 C:\DOCUME~1\Corey\Desktop\winzip\WZSHLSTB.DLL (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
229 C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
231 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
003 Z:\Program Files\BitTorrent\bittorrent.exe
003 C:\Program Files\MSN Messenger\msnmsgr.exe
010 C:\Program Files\Bonjour\mDNSResponder.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 D:\INSTALL\GMSIPCI.SYS
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\sysrest.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\klif.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys

Attached File(s)
Attached File  ScanFile.run ( 154.57K ) Number of downloads: 1
 
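The Runscanner log above is read by hand in this thread, but its line shapes are regular enough to triage mechanically. The following is an added example, not code from the thread, from Runscanner.net or from the helper: it parses the `code [*] path (vendor) [{CLSID}]` and `073 name.job : target` line forms (the format is inferred from the log, which is an assumption), flags unsigned files with no publisher string that sit directly in system32, and groups the At*.job scheduled tasks by the executable they launch. The sample lines are copied from the log posted above; the function and variable names are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of "Unrated items" lines copied from the
# Runscanner log in the thread (the real log has 48 At*.job entries).
SAMPLE_LOG = r"""
002 Y:\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.)
002 C:\WINDOWS\system32\braviax.exe
002 C:\WINDOWS\system32\lphc5h1j0eter.exe
002 C:\WINDOWS\system32\nwiz.exe (NVIDIA Corporation)
003 * C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (Yahoo! Inc.)
010 * C:\WINDOWS\system32\rserver30\RServer3.exe (Radmin Server V3)
061 C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) {1CDB2949-8F65-4355-8456-263E7C208A5D}
073 At1.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At2.job : C:\WINDOWS\system32\Gbf8HmKF.exe
073 At25.job : C:\WINDOWS\system32\QckD68Xe.exe
073 At26.job : C:\WINDOWS\system32\QckD68Xe.exe
073 1-Click Maintenance.job : Y:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe (TuneUp Software GmbH)
"""

# Line format as inferred from the log (assumption): section code, optional
# '*' for a signed file, optional '<name>.job : ' for scheduled tasks, the
# file path, an optional '(publisher)' and an optional '{CLSID}'.
LINE_RE = re.compile(
    r"^(?P<code>\d{3}) "
    r"(?P<signed>\* )?"
    r"(?:(?P<job>[^:]+\.job) : )?"
    r"(?P<path>.+?)"
    r"(?: \((?P<vendor>[^()]+)\))?"
    r"(?: (?P<clsid>\{[0-9A-Fa-f-]{36}\}))?$"
)

# A file directly inside system32 (no further subdirectory).
SYSTEM32_DIRECT = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)


def parse_runscanner(text):
    """Return one dict per recognised item line; other lines are skipped."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        item = m.groupdict()
        item["signed"] = item["signed"] is not None
        items.append(item)
    return items


def suspicious_items(items):
    """Unsigned files with no publisher string sitting directly in system32.

    The legitimate system32 entries in the log carry a publisher (for example
    "nwiz.exe (NVIDIA Corporation)"), so a bare path there deserves a look.
    """
    return sorted({it["path"] for it in items
                   if not it["signed"] and not it["vendor"]
                   and SYSTEM32_DIRECT.match(it["path"])})


def jobs_by_target(items):
    """Group scheduled tasks (section 073) by the executable they launch."""
    groups = defaultdict(list)
    for it in items:
        if it["code"] == "073" and it["job"]:
            groups[it["path"]].append(it["job"])
    return dict(groups)


def triage(text):
    """Parse a log and report flagged files plus the tasks that launch them."""
    items = parse_runscanner(text)
    flagged = suspicious_items(items)
    jobs = jobs_by_target(items)
    flagged_jobs = {t: j for t, j in jobs.items() if t in flagged}
    return {"items": len(items), "flagged": flagged, "flagged_jobs": flagged_jobs}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"parsed {result['items']} items")
    for path in result["flagged"]:
        launchers = result["flagged_jobs"].get(path, [])
        print(f"  {path}  (launched by {len(launchers)} scheduled task(s))")
```

Run on the full log, the grouping step is what turns 48 separate At*.job lines into two targets, which is the view a helper actually needs when deciding what to put in a fix file. The system32 heuristic is deliberately narrow: it says nothing about files elsewhere on disk and relies on the publisher column Runscanner prints, so a missing publisher is a prompt to check the file, not a verdict.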
Egwene
post Aug 27 2008, 04:49 PM
Post #5


Trusted Helper
Posts: 2,041
From: France
OS: XP/Vista Home Basic edition



Hey GodSpeed005,

1) Run Runscanner fix:

Download the attachment at the end of this post (this will be your runscanner file fixed by me)

  • Save it to your desktop then double click the runscanner.run this will run the program.
  • You will notice several entries in red and in blue.
  • Click the button at the top called Item fixer.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC


2) Run ComboFix:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Regards,
Egwene.

This post has been edited by Egwene: Aug 28 2008, 02:13 AM
Attached File(s)
Attached File  runscanner.run ( 159.4K ) Number of downloads: 3
 
GodSpeed005
post Aug 30 2008, 09:45 AM
Post #6


Member
Posts: 83
OS: XP



Attached is the ComboFix.txt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:23 AM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
Y:\ewido\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
Y:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
Y:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] Y:\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "Y:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "Y:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://Y:\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Y:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Y:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111515338625
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O21 - SSODL: jLWTGGPxSObryYYz - {34EEC114-9E44-6BBE-1F14-8A68640D635C} - C:\WINDOWS\system32\vyk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - Y:\ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe

--
End of file - 6044 bytes


This post has been edited by GodSpeed005: Aug 30 2008, 09:45 AM
Attached File(s)
Attached File  ComboFix.txt ( 16.93K ) Number of downloads: 1
 
Egwene
post Aug 31 2008, 06:23 AM
Post #7


Trusted Helper
Posts: 2,041
From: France
OS: XP/Vista Home Basic edition



Hey GodSpeed005,

Please do not attach your logs unless I asked you to do it.

Could you please post the ComboFix report in your next answer?

Regards,
Egwene.

This post has been edited by Egwene: Aug 31 2008, 06:23 AM
GodSpeed005
post Sep 1 2008, 09:53 AM
Post #8


Member
Posts: 83
OS: XP



ComboFix log is attached.
Attached File(s)
Attached File  ComboFix.txt ( 16.93K ) Number of downloads: 0
 
Egwene
post Sep 1 2008, 10:28 AM
Post #9


Trusted Helper
Posts: 2,041
From: France
OS: XP/Vista Home Basic edition



Hey

I think you haven't understood what you are expected to do: please do NOT attach your log, but copy and paste it in your next answer.

Regards,
Egwene.
Rorschach112
post Sep 4 2008, 06:09 PM
Post #10


GeekU Teacher
Posts: 19,711
From: Dublin
OS: XP



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.