Trojan.zlob g

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:35, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zune\ZuneLauncher.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\shinikwa\Desktop\Hijack(GP)This.exe

O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182585716703
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BD160A-5A6F-449D-9682-A0DFCEC3282F}: NameServer = 68.4.16.30,68.6.16.30
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 5282 bytes


i think that is what i'm supposed to post. let me know if there is any other information needed as this is really annoying =_=

Hello.

• Download combofix from here, use the top links - combofix.exe
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 08-12-14.02 - shinikwa 2008-12-14 12:15:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024.254 [GMT -8:00]
Running from: c:\documents and settings\shinikwa\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\shinikwa\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-14 11:44 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-13 16:20 . c:\windows\RebirthRO Full Client
2008-12-10 21:28 . 2008-12-10 21:29 d-------- c:\program files\Spyware Doctor
2008-12-10 21:28 . 2008-12-10 21:28 d-------- c:\documents and settings\shinikwa\Application Data\PC Tools
2008-12-10 21:28 . 2008-06-10 21:22 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-10 21:28 . 2008-06-02 15:19 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-10 21:28 . 2008-06-02 15:19 42,376 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-10 21:28 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-10 21:26 . 2008-12-10 21:26 d-------- c:\program files\Common Files\Download Manager
2008-12-10 21:23 . 2008-12-10 21:33 d-------- c:\program files\Perfect Defender 2009
2008-11-26 16:12 . 2008-11-26 16:12 d-------- c:\documents and settings\shinikwa\Application Data\Acreon
2008-11-20 22:50 . 2008-11-20 22:50 d-------- c:\program files\Daniusoft
2008-11-15 13:28 . 2008-11-15 13:29 d-------- c:\program files\Digital Physiognomy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 10:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-14 07:15 --------- d-----w c:\program files\Steam
2008-12-11 23:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 05:53 --------- d-----w c:\documents and settings\shinikwa\Application Data\AVG7
2008-12-10 00:38 --------- d-----w c:\documents and settings\shinikwa\Application Data\uTorrent
2008-12-08 03:21 27,736 ----a-w c:\documents and settings\shinikwa\Application Data\GDIPFONTCACHEV1.DAT
2008-11-29 21:20 --------- d-----w c:\program files\Trillian
2008-11-21 06:03 --------- d-----w c:\program files\Zune
2008-11-20 01:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 20:29 --------- d-----w c:\program files\World of Warcraft
2008-11-15 18:31 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-10 21:15 --------- d-----w c:\program files\Lavasoft
2008-11-10 21:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-10 21:13 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-10 20:23 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-11-10 20:23 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 20:09 73,728 ----a-w c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 20:09 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
2008-11-10 20:09 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
2008-11-10 20:09 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 20:09 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
2008-11-10 20:09 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
2008-10-31 03:47 --------- d-----w c:\program files\RROII
2008-10-31 03:47 --------- d-----w c:\program files\Ingenious
2008-10-27 04:34 --------- d-----w c:\program files\ImTOO
2008-10-26 23:35 --------- d-----w c:\program files\Speed Rose Online
2008-10-24 04:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 04:23 --------- d-----w c:\program files\Microsoft XNA
2008-10-24 04:20 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-24 04:18 --------- d-----w c:\program files\Microsoft.NET
2008-10-24 04:11 --------- d-----w c:\program files\Microsoft Synchronization Services
2008-10-24 04:11 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-10-24 04:09 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-10-24 03:56 --------- d-----w c:\program files\Microsoft SDKs
2008-10-24 03:53 --------- d-----w c:\program files\Reference Assemblies
2008-10-24 03:53 --------- d-----w c:\program files\MSBuild
2008-10-24 03:39 --------- d-----w c:\program files\MSXML 6.0
2008-10-24 03:15 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-10-24 03:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-10-24 03:14 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-10-19 23:54 --------- d-----w c:\program files\Perfect World Entertainment
2008-10-19 23:46 --------- d-----w c:\documents and settings\shinikwa\Application Data\GetRightToGo
2008-10-15 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2007-08-30 02:41 604 ---ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"WinDNN"="c:\documents and settings\shinikwa\Application Data\Google\klnxv19819115.exe" [2008-12-09 123392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-14 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-22 19:08 450646 c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=c:\windows\pss\ShortKeys 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^shinikwa^Start Menu^Programs^Startup^Trillian.lnk]
path=c:\documents and settings\shinikwa\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^shinikwa^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
path=c:\documents and settings\shinikwa\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
backup=c:\windows\pss\V CAST Music Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 14:35 67112 c:\progra~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-06-27 15:38 580096 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
--a------ 2003-05-15 19:36 446464 c:\program files\ScreenPrint32 v3\ScreenPrint32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-04-26 16:17 102400 c:\windows\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-13 21:09 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-11-10 12:23 157312 c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\shinikwa\\Desktop\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-10 356920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [2008-07-10 47128]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.EXE [2007-06-06 61526]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-07-10 369688]

*Newly Created Service* - NPKCRYPT
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSMQINST - c:\windows\system32\drivers\etc\msmqinst.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {72BD160A-5A6F-449D-9682-A0DFCEC3282F} = 68.4.16.30,68.6.16.30
FF - ProfilePath - c:\documents and settings\shinikwa\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 12:16:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-14 12:17:44
ComboFix-quarantined-files.txt 2008-12-14 20:17:18

Pre-Run: 23,112,118,272 bytes free
Post-Run: 23,511,629,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

201 --- E O F --- 2007-12-30 02:34:56

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :processes
  explorer.exe
  
  :files
  c:\windows\system32\Agent.OMZ.Fix.exe
  c:\program files\Perfect Defender 2009
  c:\documents and settings\shinikwa\Application Data\Google\klnxv19819115.exe
  
  :reg
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "WinDNN"=-
  
  
  :commands
  [purity]
  [emptytemp]
  [start explorer]
  [reboot]
  
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\system32\Agent.OMZ.Fix.exe not found.
File/Folder c:\program files\Perfect Defender 2009 not found.
File/Folder c:\documents and settings\shinikwa\Application Data\Google\klnxv19819115.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinDNN not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\shinikwa\LOCALS~1\Temp\etilqs_u7AOdDDulMvL3eEkQ3wC scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_122533

Files moved on Reboot...
File C:\DOCUME~1\shinikwa\LOCALS~1\Temp\etilqs_u7AOdDDulMvL3eEkQ3wC not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\shinikwa\Local Settings\Application Data\Mozilla\Firefox\Profiles\8t9da3v2.default\XUL.mfl moved successfully.

Hmmm.
Still having problems?

no i don't think so.

thank you very very much =]

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  
• Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  - Examples of older versions in Add or Remove Programs:
  - Java 2 Runtime Environment, SE v1.4.2
  - J2SE Runtime Environment 5.0
  - J2SE Runtime Environment 5.0 Update 2
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
  

Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

• First, unzip it.
  
• Then run JavaRa.
  
• Select English from the drop down menu and press Select.
  
• This will open JavaRa.
  
• Press Remove older versions
  
• Press yes to the prompt.
  
• It will make a log file of what it's removed.
  
• Copy and paste the log back here.
  

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.