hijacked home page? (yahoo) please help [CLOSED]
Aug 29 2008, 10:13 AM, Post #1
New Member, Posts: 2, OS: xp
Scan saved at 12:06:11 PM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (disabled by BHODemon)
O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - (no file)
O2 - BHO: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMdf309e00] Rundll32.exe "C:\WINDOWS\system32\luusncil.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203037225546
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u...ows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A3B70D9-FE05-48F0-A8B5-6801F71767DC}: NameServer = 24.92.226.40,24.92.226.41
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 24.92.226.40 24.92.226.41
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A3B70D9-FE05-48F0-A8B5-6801F71767DC}: NameServer = 24.92.226.40,24.92.226.41
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 24.92.226.40 24.92.226.41
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A3B70D9-FE05-48F0-A8B5-6801F71767DC}: NameServer = 24.92.226.40,24.92.226.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 24.92.226.40 24.92.226.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~2\DEFEND~1.0\adialhk.dll
O20 - Winlogon Notify: khfEWOHx - khfEWOHx.dll (file missing)
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Defender Pro Internet Security (AVP) - Defender Pro - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\avz.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7192 bytes

nt load, I'm unable to access other websites as w

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:30 PM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (disabled by BHODemon)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203037225546
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u...ows-i586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A3B70D9-FE05-48F0-A8B5-6801F71767DC}: NameServer = 24.92.226.40,24.92.226.41
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A3B70D9-FE05-48F0-A8B5-6801F71767DC}: NameServer = 24.92.226.40,24.92.226.41
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 24.92.226.40 24.92.226.41
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A3B70D9-FE05-48F0-A8B5-6801F71767DC}: NameServer = 24.92.226.40,24.92.226.41
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7357 bytes

This post has been edited by gabber8: Sep 1 2008, 10:36 AM
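The log above is the kind a helper reads by eye: orphaned O2/O3 entries with "(no file)", O20 Winlogon Notify packages whose DLL is missing, an AppInit_DLLs value, an O4 autostart that hosts a DLL under Rundll32, Winsock LSP entries, and the O17 NameServer values. As an added example for this thread (not code from HijackThis, ComboFix or the G2G helpers), the Python script below applies those same checks mechanically. Its assumptions are marked: the two 24.92.226.x resolvers that appear on every interface above are treated as the expected ISP pair, and the embedded sample contains one constructed O17 line using the documentation address 192.0.2.53 so the DNS allowlist check has something to catch.

```python
"""Heuristic triage of HijackThis log entries.

Added example for this thread; not code from HijackThis, ComboFix or G2G.
It mechanises the checks a helper does by eye on the log above: orphaned
object registrations, Winlogon Notify packages with no DLL, AppInit_DLLs,
Rundll32-hosted autostarts, Winsock LSPs, and DNS servers off an allowlist.
"""
import re

# ASSUMPTION (example only): the resolvers this machine should be using.
# Every interface in the log above lists 24.92.226.40/41, so the example
# treats that pair as ISP-assigned and flags any other address.
EXPECTED_DNS = {"24.92.226.40", "24.92.226.41"}

ENTRY_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample: entries copied from the logs posted above, plus one
# made-up O17 line using 192.0.2.53 (a documentation address) so the DNS
# allowlist check has something to catch.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {8EA86503-476F-476A-A55A-7225082DF3EB} - (no file)
O3 - Toolbar: (no name) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - (no file)
O4 - HKLM\..\Run: [BMdf309e00] Rundll32.exe "C:\WINDOWS\system32\luusncil.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 24.92.226.40 24.92.226.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A3B70D9-FE05-48F0-A8B5-6801F71767DC}: NameServer = 192.0.2.53,24.92.226.41
O20 - AppInit_DLLs: C:\PROGRA~1\DEFEND~2\DEFEND~1.0\adialhk.dll
O20 - Winlogon Notify: khfEWOHx - khfEWOHx.dll (file missing)
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
"""


def parse_entries(log_text):
    """Yield (kind, body) for every HijackThis entry line; other lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("kind"), match.group("body")


def triage_entry(kind, body):
    """Return (severity, reason) for one entry, or None if nothing stands out."""
    low = body.lower()
    if kind in ("O2", "O3") and low.endswith("(no file)"):
        return "high", "object registered with no file on disk; orphaned BHO/toolbar CLSID"
    if kind == "O20" and low.startswith("winlogon notify") and "(file missing)" in low:
        return "high", "Winlogon Notify package whose DLL is gone; remove the orphaned key"
    if kind == "O20" and low.startswith("appinit_dlls"):
        return "medium", "AppInit_DLLs is loaded into every user32 process; confirm the vendor"
    if kind == "O4" and "rundll32" in low:
        return "medium", "autostart hosts a DLL under Rundll32; verify the DLL is known"
    if kind == "O17":
        # Any resolver not on the allowlist is a DNS-hijack indicator.
        rogue = set(IPV4_RE.findall(body)) - EXPECTED_DNS
        if rogue:
            return "high", "DNS server not on the expected list: " + ", ".join(sorted(rogue))
        return None
    if kind == "O10":
        return "low", "Winsock LSP sees all socket traffic; confirm the vendor"
    return None


def triage(log_text):
    """Run triage_entry over every entry and return the findings in log order."""
    findings = []
    for kind, body in parse_entries(log_text):
        hit = triage_entry(kind, body)
        if hit is not None:
            severity, reason = hit
            findings.append({"kind": kind, "severity": severity,
                             "entry": body, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:<3} {f['reason']}")
        print(f"          {f['entry']}")
```

Run it as-is to see the findings for the embedded sample, or pass a real log's text to triage(). The heuristics are deliberately narrow: they surface the same entry classes a helper asks about first, and everything they flag still needs a person to confirm the vendor or the file before anything is removed.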

Aug 30 2008, 12:10 PM, Post #2
Anti-Malware Buddha, Posts: 1,111, From: New England, USA, OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Hi and welcome to the forums here at G2G!
Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Sep 1 2008, 10:32 AM, Post #3
New Member, Posts: 2, OS: xp
This is the ComboFix log, how does it look for me?
ComboFix 08-08-31.01 - Mark E 2008-09-01 12:21:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.576 [GMT -4:00]
Running from: C:\Documents and Settings\Mark E\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mark E\Application Data\macromedia\Flash Player\#SharedObjects\WKE6UX25\bin.clearspring.com
C:\Documents and Settings\Mark E\Application Data\macromedia\Flash Player\#SharedObjects\WKE6UX25\interclick.com
C:\Documents and Settings\Mark E\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Mark E\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\#SharedObjects\VEVMFDQ4\bin.clearspring.com
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\#SharedObjects\VEVMFDQ4\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\#SharedObjects\VEVMFDQ4\interclick.com
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\#SharedObjects\VEVMFDQ4\interclick.com\ud.sol
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Paula\Cookies\paula@my.clearchannelradio[2].txt
C:\Documents and Settings\Paula\Cookies\paula@turn[2].txt
C:\Documents and Settings\Paula\Cookies\paula@vendorweb.citibank[2].txt
C:\Documents and Settings\Paula\Cookies\paula@vendorweb.citibank[3].txt
C:\WINDOWS\BMdf309e00.txt
C:\WINDOWS\BMdf309e00.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\drivers\msliksurserv.sys
C:\WINDOWS\system32\dxqqvrlj.exe
C:\WINDOWS\system32\gqnjrthe.ini
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hqrqcwkb.exe
C:\WINDOWS\system32\jaxyfite.ini
C:\WINDOWS\system32\jlVuCcfe.ini
C:\WINDOWS\system32\jlVuCcfe.ini2
C:\WINDOWS\system32\kugfdgjx.exe
C:\WINDOWS\system32\lyaoovps.ini
C:\WINDOWS\system32\msliksurcredo.dll
C:\WINDOWS\system32\msliksurdns.dll
C:\WINDOWS\system32\qrnjghkv.ini
C:\WINDOWS\system32\SZComp5.dll
C:\WINDOWS\system32\twemoglh.ini
C:\WINDOWS\system32\uptdfkvk.ini
C:\WINDOWS\system32\xkxtqrtn.exe
C:\WINDOWS\system32\xykqaidm.ini
C:\Documents and Settings\Mark E\Application Data\inst.exe . . . . failed to delete
C:\Documents and Settings\Mark E\Cookies\mark e@ad.yieldmanager[2].txt . . . . failed to delete
C:\Documents and Settings\Mark E\Cookies\mark e@clicktorrent[1].txt . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-09-01 11:58 . 2008-09-01 11:58 <DIR> d-------- C:\VundoFix Backups
2008-09-01 11:49 . 2008-09-01 11:59 <DIR> d-------- C:\Program Files\Exterminate It!
2008-08-31 21:00 . 2008-08-31 21:00 <DIR> d-------- C:\Program Files\STOPzilla!
2008-08-31 21:00 . 2008-08-31 21:00 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-08-31 21:00 . 2008-09-01 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-31 21:00 . 2008-09-01 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-08-31 20:12 . 2008-08-31 20:12 <DIR> d-------- C:\WINDOWS\Google Toolbar
2008-08-31 13:52 . 2008-08-31 13:52 <DIR> d-------- C:\Program Files\Western Digital
2008-08-31 12:36 . 2008-08-31 12:36 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-29 17:18 . 2008-08-29 20:12 <DIR> d-------- C:\Program Files\Unlocker
2008-08-29 17:18 . 2008-08-29 17:18 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\Desktopicon
2008-08-29 16:08 . 2008-08-29 16:08 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-29 16:08 . 2008-08-31 22:07 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\BitTorrent
2008-08-29 14:47 . 2008-08-29 14:47 40 --------- C:\WINDOWS\system32\ivireg.ivr
2008-08-29 14:11 . 2008-08-29 14:11 82 --a------ C:\WINDOWS\pbMv.INI
2008-08-29 13:55 . 2008-08-29 13:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-29 13:49 . 2008-08-29 13:49 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\Corel
2008-08-29 13:49 . 2008-08-29 14:06 3,350 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-29 13:49 . 2008-08-29 13:50 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\D1A6D79179.sys
2008-08-29 13:45 . 2008-08-29 13:45 <DIR> d-------- C:\Program Files\Real
2008-08-29 13:45 . 2008-08-29 13:55 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-29 13:43 . 2008-08-29 16:03 <DIR> d-------- C:\Program Files\Corel
2008-08-29 13:43 . 2007-01-24 15:27 255,848 --------- C:\WINDOWS\system32\xactengine2_6.dll
2008-08-29 11:49 . 2008-08-29 11:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 10:56 . 2008-08-29 10:56 6,144 --------- C:\WINDOWS\system32\Thumbs.db
2008-08-27 22:08 . 2008-08-27 22:08 230 --------- C:\WINDOWS\system32\spupdsvc.inf
2008-08-27 19:15 . 2008-08-27 19:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-27 06:41 . 2008-08-27 06:41 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\Defender Pro
2008-08-27 06:40 . 2008-08-27 06:40 <DIR> d-------- C:\Program Files\Common Files\Bluecase
2008-08-27 06:30 . 2008-08-27 06:31 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\AdwareAlert
2008-08-25 15:36 . 2008-08-25 15:36 17,408 -ra------ C:\WINDOWS\system32\SZIO5.dll
2008-08-25 15:35 . 2008-08-25 15:35 262,144 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-08-21 14:39 . 2008-08-21 14:39 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-08-21 14:39 . 2008-08-21 14:39 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-08-21 14:38 . 2008-08-21 14:38 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-08-21 14:38 . 2008-08-21 14:38 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-08-21 14:38 . 2008-08-21 14:38 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-08-21 14:37 . 2008-08-21 14:37 212,992 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-08-21 14:37 . 2008-08-21 14:37 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-08-21 14:37 . 2008-08-21 14:37 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-08-21 14:34 . 2008-08-21 14:34 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-08-19 06:39 . 2008-08-29 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-08-19 06:39 . 2008-08-19 06:39 3,120 --------- C:\WINDOWS\system32\DRWSJLAD.ocx
2008-08-19 06:39 . 2008-08-19 06:39 3,120 --a------ C:\WINDOWS\LJRGKDD9.ocx
2008-08-18 21:25 . 2008-08-18 21:26 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\U3
2008-08-18 21:04 . 2008-08-18 21:04 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\Bin
2008-08-18 19:26 . 2008-08-27 06:40 <DIR> d-------- C:\Program Files\Defender Pro
2008-08-18 19:26 . 2007-08-14 17:25 4,244,744 --------- C:\WINDOWS\system32\qtp-mt334.dll
2008-08-18 19:26 . 2007-08-14 17:24 247,560 --------- C:\WINDOWS\system32\prgiso.dll
2008-08-18 19:26 . 2007-08-14 17:25 13,576 --------- C:\WINDOWS\system32\wnaspi32.dll
2008-08-18 19:25 . 2008-08-18 19:25 <DIR> d-------- C:\WINDOWS\AntiSpy
2008-08-18 19:25 . 2008-08-18 19:25 137 --a------ C:\WINDOWS\tsiwinfile.dat
2008-08-11 13:22 . 2008-08-11 13:22 39,680 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys
2008-08-10 15:50 . 2008-08-10 15:50 <DIR> d-------- C:\Program Files\FLV Player
2008-08-09 12:18 . 2008-08-10 15:19 <DIR> d-------- C:\Documents and Settings\Mark E\Application Data\Apple Computer
2008-08-09 12:12 . 2008-08-09 12:12 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-09 12:12 . 2008-08-29 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-09 12:12 . 2008-08-09 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-07 19:20 . 2008-08-07 19:20 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-07 19:20 . 2008-08-07 19:20 <DIR> d-------- C:\Program Files\LimeWire
2008-08-03 13:49 . 2008-08-03 13:49 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-08-03 13:49 . 2008-08-07 19:20 <DIR> d-------- C:\Program Files\AGEIA Technologies
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 16:24 --------- d-----w C:\Program Files\DNA
2008-09-01 16:24 --------- d-----w C:\Documents and Settings\Mark E\Application Data\DNA
2008-09-01 00:22 --------- d-----w C:\Program Files\Google
2008-09-01 00:20 --------- d-----w C:\Program Files\Roxio
2008-09-01 00:16 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-01 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-08-31 19:27 3,532 ----a-w C:\drmHeader.bin
2008-08-30 15:32 --------- d-----w C:\Program Files\Sprint Instinct Applications
2008-08-29 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 17:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-08-28 00:06 --------- d-----w C:\Program Files\SlySoft
2008-08-20 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-19 22:37 --------- d-----w C:\Program Files\Winamp
2008-08-19 16:20 --------- d-----w C:\Documents and Settings\Paula\Application Data\BitTorrent
2008-08-19 16:20 --------- d-----w C:\Documents and Settings\Mark E\Application Data\LimeWire
2008-08-18 23:17 --------- d-----w C:\Program Files\RegistryFix
2008-08-18 23:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-18 23:16 --------- d-----w C:\Documents and Settings\Mark E\Application Data\SUPERAntiSpyware.com
2008-08-18 23:14 --------- d-----w C:\Program Files\Lavasoft
2008-08-18 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-09 16:13 --------- d-----w C:\Program Files\QuickTime
2008-08-03 17:24 --------- d-----w C:\Documents and Settings\Mark E\Application Data\Roxio
2008-07-19 15:28 --------- d-----w C:\Documents and Settings\Mark E\Application Data\Smith Micro
2008-07-19 15:25 --------- d-----w C:\Program Files\Samsung
2008-07-19 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tarma Installer
2008-07-13 22:21 32,549 ----a-w C:\WINDOWS\king-uninstall.exe
2008-07-10 22:22 --------- d-----w C:\Program Files\The_Pirate_Bay
2008-07-04 11:12 316,672 ----a-w C:\WINDOWS\KingComIE.dll
2008-06-05 07:59 222,552 ------w C:\WINDOWS\RM.exe
2008-05-31 23:38 87,608 ------w C:\Documents and Settings\Mark E\Application Data\inst.exe
2008-05-31 23:38 47,360 ----a-w C:\Documents and Settings\Mark E\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-29 16:08 342848]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-31 13:55 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-08-29 13:54 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-29 13:54 185896]

C:\Documents and Settings\Paula\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

[HKLM\~\startupfolder\C:^Documents and Settings^Mark E^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Mark E\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2006-02-28 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--------- 2007-06-13 00:55 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--------- 2007-06-13 00:56 142104 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 15:51 212992 C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--------- 2007-06-13 00:55 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-03 06:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2007-08-10 03:21 16384000 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2007-08-03 01:22 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-08-11 13:22]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe [2007-04-05 11:29]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe []
S3 FXDrv32;FXDrv32;D:\FXDrv32.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{316ca944-dacf-11dc-8d7c-806d6172696f}]
\Shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6ed6d14-6d8d-11dd-8017-001c106c86af}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdb4ec2a-760f-11dd-803a-001c106c86af}]
\Shell\AutoRun\command - E:\wdsync.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
MSConfigStartUp-AdwareAlert - C:\Program Files\AdwareAlert\AdwareAlert.exe
MSConfigStartUp-AVP - C:\Program Files\Defender Pro\Defender Pro Internet Security 6.0\Avp.exe
MSConfigStartUp-BMdf309e00 - C:\WINDOWS\system32\luusncil.dll
MSConfigStartUp-LaunchAntiSpy - C:\Program Files\TScutyNT.exe
MSConfigStartUp-zSPGuard - c:\program files\pjw\spguard\spguard.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mark E\Application Data\Mozilla\Firefox\Profiles\nlzq0k9q.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://cm.my.yahoo.com/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmidas.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 12:24:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
.
**************************************************************************
.
Completion time: 2008-09-01 12:26:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 16:26:18

Pre-Run: 180,306,112,512 bytes free
Post-Run: 180,711,280,640 bytes free

257 --- E O F --- 2008-09-01 07:01:20

Sep 1 2008, 01:29 PM, Post #4
Anti-Malware Buddha, Posts: 1,111, From: New England, USA, OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Hi,
You don't need to go back to edit your first post when you post an updated HijackThis log. Just post right in the new reply, or make another reply if the logs are too long and get cut off...thanks.

First, use ATF Cleaner to remove temp files, cookies, cache, etc. Please download ATF Cleaner by Atribune.

Under Main choose: Select All
Click the Empty Selected button.

Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download Malwarebytes' Anti-Malware from Here or Here. Double-click mbam-setup.exe to install the application.

Let me know how it's running now too please.

Sep 12 2008, 11:32 AM, Post #5
Anti-Malware Buddha, Posts: 1,111, From: New England, USA, OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Any update here? Still need help?

Sep 23 2008, 11:33 AM, Post #6
Anti-Malware Buddha, Posts: 1,111, From: New England, USA, OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.