WiredWX Christian Hobby Weather Tools
Trojan.Zlob.G Please Help

Hello, yet another guy with Trojan.Zlob.G. The Security Center alert pops up and says it blocked Trojan.Zlob.G.
I cannot open IE or Firefox, and if one does open, it closes within a few seconds. I would appreciate your help. I am on another computer now.
Thank you.

combofix

After reading through some solutions to this problem in the forum, I ran ComboFix.
This is the log:

ComboFix 08-12-06.06 - BILLY 2008-12-07 11:33:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1293 [GMT 0:00]
Running from: K:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\BILLY\Application Data\Google\kjzna1562565.exe
d:\documents and settings\BILLY\My Documents\Online Security Guide.url
d:\documents and settings\BILLY\My Documents\Security Troubleshooting.url
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-11-30 21:53 . 2008-11-30 21:54 d-------- d:\program files\iTunes
2008-11-30 21:53 . 2008-11-30 21:53 d-------- d:\program files\iPod
2008-11-30 21:53 . 2008-11-30 21:54 d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 21:51 . 2008-11-30 21:52 d-------- d:\program files\QuickTime
2008-11-22 19:37 . 2008-11-22 19:37 d-------- d:\program files\Sierra Entertainment
2008-11-20 20:44 . 2008-11-20 20:44 42,320 --a------ d:\windows\system32\xfcodec.dll
2008-11-16 18:37 . 2008-11-16 18:37 d-------- d:\documents and settings\LocalService\Application Data\agi
2008-11-16 18:37 . 2008-11-16 18:37 2,117,632 --a------ d:\windows\system32\python25.dll
2008-11-16 18:37 . 2008-09-16 16:26 1,332,197 --a------ d:\windows\system32\pythondll.zip
2008-11-16 18:37 . 2008-11-16 18:37 339,968 --a------ d:\windows\system32\pythoncom25.dll
2008-11-16 18:37 . 2008-11-16 18:37 114,688 --a------ d:\windows\system32\pywintypes25.dll
2008-11-12 16:46 . 2008-09-04 17:15 1,106,944 -----c--- d:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:41 . 2008-10-24 11:21 455,296 -----c--- d:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 11:37 --------- d-----w d:\documents and settings\All Users\Application Data\Kontiki
2008-12-07 11:30 --------- d-----w d:\documents and settings\BILLY\Application Data\DNA
2008-12-07 10:44 --------- d-----w d:\documents and settings\BILLY\Application Data\LimeWire
2008-12-07 10:27 --------- d-----w d:\documents and settings\All Users\Application Data\Google Updater
2008-12-07 10:13 --------- d-----w d:\program files\Common Files\Symantec Shared
2008-12-06 10:40 --------- d-----w d:\documents and settings\BILLY\Application Data\InstallShield
2008-12-06 10:40 --------- d-----w d:\documents and settings\BILLY\Application Data\BitTorrent
2008-12-06 10:40 --------- d-----w d:\documents and settings\BILLY\Application Data\Apple Computer
2008-12-04 19:00 --------- d-----w d:\program files\Xfire
2008-11-30 21:53 --------- d-----w d:\program files\Common Files\Apple
2008-11-30 21:43 --------- d-----w d:\program files\Safari
2008-11-29 20:00 137,480 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 19:59 183,120 ----a-w d:\windows\system32\PnkBstrB.exe
2008-11-25 16:15 --------- d-----w d:\documents and settings\BILLY\Application Data\Xfire
2008-11-22 19:35 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-16 19:44 --------- d-----w d:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-16 18:53 --------- d-----w d:\program files\Messenger Plus! Live
2008-11-15 20:04 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 14:23 32,000 ----a-w d:\windows\system32\drivers\usbaapl.sys
2008-10-24 11:21 455,296 ----a-w d:\windows\system32\drivers\mrxsmb.sys
2008-10-23 18:58 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2008-10-23 18:58 --------- d-----w d:\program files\AGEIA Technologies
2008-10-23 18:34 66,872 ----a-w d:\windows\system32\PnkBstrA.exe
2008-10-23 18:34 22,328 ----a-w d:\documents and settings\BILLY\Application Data\PnkBstrK.sys
2008-10-23 18:34 2,250,024 ----a-w d:\windows\system32\pbsvc.exe
2008-10-23 18:29 --------- d-----w d:\program files\Ubisoft
2008-10-16 14:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w d:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w d:\windows\system32\muweb.dll
2008-10-02 09:07 453,152 ----a-w d:\windows\system32\NVUNINST.EXE
2008-09-22 20:05 107,888 ----a-w d:\windows\system32\CmdLineExt.dll
2008-09-22 17:26 6,242 ----a-w d:\windows\system32\ealregsnapshot1.reg
2008-09-15 12:12 1,846,400 ----a-w d:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w d:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Comrade.exe"="d:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2008-08-24 289088]
"kdx"="d:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"EA Core"="d:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"AdobeUpdater"="d:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-07 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="d:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-24 185896]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"4oD"="d:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"dvd43"="d:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"PrintServer Diagnostic"="d:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 d:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 d:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 d:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\BILLY\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OneNote Table Of Contents.onetoc2 [2008-08-30 3656]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-01 113664]
Belkin Wireless Networking Utility.lnk - d:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-08-24 1576960]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-24 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Kontiki\\KService.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"d:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
S3 COH_Mon;COH_Mon;\??\d:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-05 d:\windows\Tasks\Norton Internet Security - Run Full System Scan - BILLY.job
- d:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 05:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Smax4 - d:\documents and settings\BILLY\Application Data\Google\kjzna1562565.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

d:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
d:\windows\Downloaded Program Files\OSDC5.OSD
FireFox -: Profile - d:\documents and settings\BILLY\Application Data\Mozilla\Firefox\Profiles\unsnwna2.default\
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - d:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - d:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 11:37:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
d:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2008-12-07 11:38:52
ComboFix-quarantined-files.txt 2008-12-07 11:38:38

Pre-Run: 53,768,531,968 bytes free
Post-Run: 55,059,988,480 bytes free

208 --- E O F --- 2008-11-13 19:46:14

Re: Trojan.Zlob.G Please Help

Looks good, what problems remain?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Trojan.Zlob.G Please Help

The problem seems to have disappeared. I haven't rebooted since the scan was run; however, there are not any notable effects at present. I am concerned that the registry is still affected, and the problem will reoccur when I reboot. Is there any way to check?

Re: Trojan.Zlob.G Please Help

Hello.
No, the registry is fine; there's no more Run value from the problem. It should be fine now.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
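
The check the original poster asked about, worked as an added example (this is not code from the thread, from ComboFix or from the forum staff): a small Python parser for the Reg Loading Points and firewall-policy sections of a ComboFix log. It flags Run values whose target sits under a user's Application Data folder, which is where kjzna1562565.exe was living, and it lists protection settings the log records as switched off. The log excerpt embedded in the script is a constructed subset of the log posted above; the Smax4 Run line is reconstructed from the ORPHANS REMOVED entry, since ComboFix had already deleted that value by the time the log was written.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted in this thread.
# The "Smax4" Run value is reconstructed from the ORPHANS REMOVED entry; the
# other lines are copied from the Reg Loading Points section of that log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Smax4"="d:\documents and settings\BILLY\Application Data\Google\kjzna1562565.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"nwiz"="nwiz.exe" [2008-10-07 d:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=data
QUOTED_PATH_RE = re.compile(r'^"([^"]+)"')         # "d:\path\file.exe" [...]
# Executables launched from a profile's Application Data folder are unusual
# for legitimate Run entries on XP and deserve a second look.
PROFILE_DIR_RE = re.compile(r"\\documents and settings\\[^\\]+\\application data\\", re.I)


def parse_reg_sections(log_text):
    """Return {key_path: {value_name: raw_data}} from REGEDIT4-style lines."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current][value.group(1)] = value.group(2)
    return sections


def suspicious_run_entries(sections):
    """(key, value_name, target) for Run values whose target sits in a user profile."""
    hits = []
    for key, values in sections.items():
        if not key.lower().endswith("\\run"):
            continue
        for name, data in values.items():
            quoted = QUOTED_PATH_RE.match(data)
            target = quoted.group(1) if quoted else data
            if PROFILE_DIR_RE.search(target):
                hits.append((key, name, target))
    return hits


def disabled_protections(sections):
    """Security Center monitoring or the XP firewall recorded as switched off."""
    findings = []
    for key, values in sections.items():
        lower = key.lower()
        if "security center\\monitoring" in lower and values.get("DisableMonitoring", "").endswith("00000001"):
            findings.append(f"{key}: DisableMonitoring=1")
        if lower.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall", "").startswith("0"):
            findings.append(f"{key}: EnableFirewall=0")
    return findings


if __name__ == "__main__":
    parsed = parse_reg_sections(SAMPLE_LOG)
    for key, name, target in suspicious_run_entries(parsed):
        print(f"REVIEW Run value {name!r} under {key} -> {target}")
    for finding in disabled_protections(parsed):
        print(f"REVIEW {finding}")
```

Run against the full log, only the orphaned Smax4 value is flagged as a Run entry to review; once ComboFix has removed it, the same check on a fresh log returns nothing, which is the evidence behind "there's no more Run value from the problem". The DisableMonitoring and EnableFirewall findings are review items rather than proof of infection: a third-party suite such as the Norton Internet Security installed on this machine registers its own antivirus and firewall with Security Center in exactly this way, so on this log they are expected.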

Re: Trojan.Zlob.G Please Help

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................

Please be a GeekPolice fan on Facebook!


Have we helped you? Help us! | Doctor by day, ninja by night.
