Command service?



Nicksilver
2006-10-18, 10:14
So I think this is the right place to post, but here goes.
I ran Spybot the other day, and it found some "command service" crap that (I think) has been really messing with my computer. Spybot says it needs to run on restart to remove it. When I restart, Spybot doesn't run. In addition to that problem, my Norton antivirus has been going crazy since I got this. The auto-protect can't turn on anymore and is just allowing more crap to flood into my comp. Please help!

Mr_JAk3
2006-10-18, 11:05
Hi Nicksilver and welcome to spybot.info :)

Please follow the instructions here -> "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D (http://forums.spybot.info/showthread.php?t=288)

So follow the instructions and post a HijackThis log here.
(Step 4)

Nicksilver
2006-10-19, 03:41
Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 6:41:37 PM, on 10/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Nick\302.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\bmQ\command.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msgr.exe
C:\Program Files\Steam\steam.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hIJAKTHIS\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Nick\302.exe
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [xzrf5782] RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [rozf] C:\PROGRA~1\COMMON~1\rozf\rozfm.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156722691906
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\lv2u09f9e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bmQ\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
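The log above is a list of autostart locations, and a helper reads it by asking a few fixed questions of every O4, O20 and O23 line: is the binary under a user profile, is rundll32 loading a DLL by bare name, does the entry name imitate a Windows component, is the legacy RunServices key in use, is the service owner unknown, does the file name look generated. The script below is an added example, not code from the thread or from HijackThis; the sample lines are constructed from the formats in the log, and the heuristics (including the MIMIC_NAMES list and the "random-looking name" rule) are assumptions meant for triage, not verdicts.

```python
"""Triage heuristics for HijackThis-style log lines (added example)."""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: benign and suspicious entries in HijackThis O4/O20/O23 format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Nick\302.exe
O4 - HKLM\..\Run: [xzrf5782] RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\lv2u09f9e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bmQ\command.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (.+?) - (.*)$')
O23_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.*)$')
TARGET_RE = re.compile(r'^(.*?\.(?:exe|dll|com|scr|bat|cmd|sys))', re.IGNORECASE)

# Entry names that imitate core Windows components (heuristic list, an assumption).
MIMIC_NAMES = {"explorer", "shell", "system", "winlogon", "svchost", "services", "lsass"}


@dataclass
class Finding:
    line: str
    reasons: List[str]


def extract_target(cmd: str) -> str:
    """Return the module a startup command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly followed by args
        return cmd[1:].split('"', 1)[0]
    parts = cmd.split(None, 1)
    if parts and parts[0].lower() in ("rundll32.exe", "rundll32") and len(parts) > 1:
        return parts[1].split(",", 1)[0].strip()  # rundll32 <dll>,<entry> [args]
    m = TARGET_RE.match(cmd)                      # unquoted path that may contain spaces
    return m.group(1) if m else (parts[0] if parts else cmd)


def looks_random(stem: str) -> bool:
    """Heuristic: many alternating letter/digit runs (e.g. lv2u09f9e) look generated."""
    return len(re.findall(r"[a-z]+|\d+", stem.lower())) >= 4


def _check_module(path: str) -> List[str]:
    stem = ntpath.splitext(ntpath.basename(path))[0]
    return ["random-looking file name"] if looks_random(stem) else []


def _check_o4(hive: str, key: str, name: str, cmd: str) -> List[str]:
    reasons = []
    target = extract_target(cmd)
    if key.lower() == "runservices":
        reasons.append(f"uses the legacy {hive} RunServices key")
    if "\\documents and settings\\" in target.lower():
        reasons.append("autoruns a binary from a user profile directory")
    if cmd.strip().lower().startswith("rundll32") and "\\" not in target:
        reasons.append("rundll32 loads a DLL by bare name (resolved via the search path)")
    if name.lower() in MIMIC_NAMES:
        reasons.append(f"entry name '{name}' imitates a Windows component")
    reasons.extend(_check_module(target))
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan O4/O20/O23 lines and return those with at least one heuristic hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if (m := O4_RE.match(line)):
            reasons = _check_o4(*m.groups())
        elif (m := O20_RE.match(line)):
            reasons = _check_module(m.group(2))
        elif (m := O23_RE.match(line)):
            _, owner, path = m.groups()
            if owner.lower() == "unknown owner":
                reasons.append("service has no recorded vendor (Unknown owner)")
            reasons.extend(_check_module(path))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the constructed sample, six of the nine lines are flagged and the three vendor-signed or well-known entries pass; a hit means "look at this file", not "malware", which is why each finding carries its reasons rather than a score.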

Mr_JAk3
2006-10-19, 12:17
Hi Nicksilver, you're quite badly infected...

One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this (http://www.dslreports.com/faq/10451) article too.

Please don't use LimeWire or other P2P programs during the cleaning process.

Please rename HijackThis.exe to Scanner.exe

Then we'll begin: download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Mr_JAk3
2006-10-19, 13:21
Also, please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe.
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

Nicksilver
2006-10-19, 21:03
Here is my ComboFix log and the next HijackThis log. Sorry for the delay between responses; being a full-time student with a job keeps me busy :P.

Nick - 06-10-19 11:57:16.95 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Nick\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{A1D49041-2756-4490-AF62-75355F327920}]
@=""

[HKEY_CLASSES_ROOT\clsid\{A1D49041-2756-4490-AF62-75355F327920}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{A1D49041-2756-4490-AF62-75355F327920}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{A1D49041-2756-4490-AF62-75355F327920}\InprocServer32]
@="C:\\WINDOWS\\system32\\doskperf.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\doskperf.dll
C:\WINDOWS\system32\hr4u05h9e.dll
C:\WINDOWS\system32\hr8m05l1e.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\GZZZM89P\dfndrff_e_uit[1].exe
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Q18BE965\drsmartload44a[1].exe
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Q18BE965\nwnmff_e[1].exe
C:\Program Files\Common Files\{0C96FF6C-07D0-1033-0826-051019050001}
C:\Program Files\Common Files\{3C96FF6C-07D0-1033-0826-051019050001}
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-09-19 to 2006-10-19 ))))))))))))))))))))))))))))))))))


2006-10-18 19:32 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-10-18 19:03 52,161 --a------ C:\Documents and Settings\Nick\mt-uninstaller.exe
2006-10-18 19:03 114,176 --a------ C:\Documents and Settings\Nick\love.exe
2006-10-18 00:22 26,272 --a------ C:\WINDOWS\system32\_mzu_stonedrv7.exe
2006-10-18 00:22 157,696 --a------ C:\Documents and Settings\Nick\302.exe
2006-10-18 00:22 109,056 --a------ C:\Documents and Settings\Nick\drsmartload1135a.exe
2006-10-18 00:22 1,259 --a------ C:\WINDOWS\system32\xzrf5782.sys
2006-10-18 00:21 1,886 --a------ C:\Documents and Settings\Nick\ah.exe
2006-10-16 18:25 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-16 18:25 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2006-10-16 18:25 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-10-16 18:25 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-10-16 18:25 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-10-16 18:25 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2006-10-16 18:25 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2006-10-16 18:25 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-10-16 18:25 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-10-15 22:21 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-15 22:21 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-15 21:29 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-08 14:10 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2006-10-07 11:22 651,264 -ra------ C:\WINDOWS\system32\libeay32.dll
2006-10-07 11:22 450,560 -ra------ C:\WINDOWS\system32\AegisE5.dll
2006-10-07 11:22 327,680 -ra------ C:\WINDOWS\system32\AegisE2.dll
2006-10-07 11:22 147,456 -ra------ C:\WINDOWS\system32\ssleay32.dll
2006-10-07 11:22 114,688 --a------ C:\WINDOWS\system32\athcfg10.dll
2006-10-07 11:21 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-30 13:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-09-30 12:53 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-09-24 17:56 299,520 --a------ C:\WINDOWS\uninst.exe
2006-09-24 17:55 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-23 19:14 245,408 --a------ C:\WINDOWS\system32\unicows.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-10-19 11:57 -------- d-------- C:\Program Files\Common Files
2006-10-18 19:32 -------- d-------- C:\Program Files\MSN Messenger
2006-10-18 19:32 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-18 19:30 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-18 17:41 -------- d-------- C:\Program Files\Steam
2006-10-18 00:26 -------- d-------- C:\Program Files\Common Files\rozf
2006-10-18 00:22 26272 --a------ C:\WINDOWS\system32\_mzu_stonedrv7.exe
2006-10-15 22:35 -------- d-------- C:\Program Files\SymNetDrv
2006-10-15 22:35 -------- d-------- C:\Program Files\Symantec
2006-10-14 16:25 -------- d---s---- C:\Documents and Settings\Nick\Application Data\Microsoft
2006-10-11 22:18 -------- d-------- C:\Program Files\Internet Explorer
2006-10-11 22:13 -------- d-------- C:\Documents and Settings\Nick\Application Data\Sun
2006-10-11 22:06 -------- d-------- C:\Program Files\iTunes
2006-10-11 22:06 -------- d-------- C:\Program Files\iPod
2006-10-11 22:04 -------- d-------- C:\Program Files\QuickTime
2006-10-08 14:10 -------- d-------- C:\Documents and Settings\Nick\Application Data\Apple Computer
2006-10-07 12:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-07 11:07 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-30 13:11 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-30 13:10 -------- d-------- C:\Program Files\Halo
2006-09-30 13:03 -------- d-------- C:\Program Files\Microsoft Office
2006-09-30 13:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-30 13:03 -------- d-------- C:\Program Files\Common Files\System
2006-09-30 13:03 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-30 13:03 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-24 18:05 -------- d-------- C:\Documents and Settings\Nick\Application Data\Help
2006-09-23 19:16 -------- d-------- C:\Program Files\Windows Media Player
2006-09-23 19:14 -------- d-------- C:\Program Files\MsnMusic
2006-09-16 00:22 -------- d-------- C:\Program Files\Palm
2006-09-14 00:16 -------- d-------- C:\Documents and Settings\Nick\Application Data\SiteAdvisor
2006-09-13 19:45 -------- d-------- C:\Documents and Settings\Nick\Application Data\Leadertech
2006-09-13 19:43 53248 --a------ C:\WINDOWS\PalmDevC.dll
2006-09-13 19:43 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2006-09-13 19:39 -------- d-------- C:\Documents and Settings\Nick\Application Data\HotSync
2006-09-10 22:53 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-10 22:53 -------- d-------- C:\Documents and Settings\Nick\Application Data\AdobeUM
2006-09-10 22:53 -------- d-------- C:\Documents and Settings\Nick\Application Data\Adobe
2006-09-07 18:57 -------- d-------- C:\Program Files\LimeWire
2006-09-07 18:57 -------- d-------- C:\Program Files\Java
2006-09-07 18:55 -------- d-------- C:\Program Files\Common Files\Java
2006-09-07 18:53 359112 --a------ C:\Program Files\LimeWireWin.exe
2006-08-29 18:18 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-08-29 18:18 -------- d-------- C:\Documents and Settings\Nick\Application Data\teamspeak2
2006-08-28 01:07 -------- d-------- C:\Program Files\World of Warcraft
2006-08-27 19:00 -------- d-------- C:\Documents and Settings\Nick\Application Data\Ventrilo
2006-08-27 18:58 -------- d-------- C:\Program Files\Ventrilo
2006-08-27 18:58 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-27 16:38 -------- d-------- C:\Documents and Settings\Nick\Application Data\Symantec
2006-08-27 16:29 -------- d-------- C:\Program Files\Adobe
2006-08-27 16:06 42300352 --a------ C:\Program Files\91.31_winxp2kmce_english_whql.exe
2006-08-27 16:06 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-27 15:56 -------- d-------- C:\Program Files\Direct X
2006-08-27 15:44 -------- d-------- C:\Documents and Settings\Nick\Application Data\Macromedia
2006-08-27 14:57 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-08-26 22:47 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-26 22:47 -------- d-------- C:\Documents and Settings\Nick\Application Data\Identities
2006-08-26 22:42 0 -rahs---- C:\MSDOS.SYS
2006-08-26 22:42 0 -rahs---- C:\IO.SYS
2006-08-26 22:42 0 --a------ C:\CONFIG.SYS
2006-08-26 22:42 0 --a------ C:\AUTOEXEC.BAT
2006-08-26 22:42 -------- d-------- C:\Program Files\xerox
2006-08-26 22:42 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-26 22:41 -------- d-------- C:\Program Files\Outlook Express
2006-08-26 22:41 -------- d-------- C:\Program Files\NetMeeting
2006-08-26 22:41 -------- d-------- C:\Program Files\Movie Maker
2006-08-26 22:41 -------- d-------- C:\Program Files\Common Files\Services
2006-08-26 22:40 -------- d-------- C:\Program Files\Online Services
2006-08-26 22:40 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-26 22:40 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-26 22:40 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-26 22:39 -------- d-------- C:\Program Files\Windows NT
2006-08-26 15:31 62 --ahs---- C:\Documents and Settings\Nick\Application Data\desktop.ini
2006-08-26 15:31 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-26 15:31 -------- d-------- C:\Program Files\Common Files\ODBC
2006-07-28 09:30 63768 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Steam"=""
"rozf"="C:\\PROGRA~1\\COMMON~1\\rozf\\rozfm.exe"
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"
"xzrf5782"="RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Nick.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-19 11:57:58.31
C:\ComboFix.txt ... 06-10-19 11:57
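One thing the "Files Created" section of a ComboFix log gives a responder is timestamps: several of the files named in the HijackThis log land in the same minute, so a known-bad name can be used as a pivot to find what else was dropped alongside it. The script below is an added example, not part of ComboFix or of the thread; the listing is constructed from lines in the log, and the two-minute window and three-file burst threshold are assumptions chosen for illustration.

```python
"""Timeline pivot over a ComboFix 'Files Created' listing (added example)."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample in the listing format: date time size attributes path.
SAMPLE_LISTING = r"""
2006-10-18 19:32 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-10-18 19:03 52,161 --a------ C:\Documents and Settings\Nick\mt-uninstaller.exe
2006-10-18 19:03 114,176 --a------ C:\Documents and Settings\Nick\love.exe
2006-10-18 00:22 26,272 --a------ C:\WINDOWS\system32\_mzu_stonedrv7.exe
2006-10-18 00:22 157,696 --a------ C:\Documents and Settings\Nick\302.exe
2006-10-18 00:22 109,056 --a------ C:\Documents and Settings\Nick\drsmartload1135a.exe
2006-10-18 00:22 1,259 --a------ C:\WINDOWS\system32\xzrf5782.sys
2006-10-18 00:21 1,886 --a------ C:\Documents and Settings\Nick\ah.exe
2006-10-16 18:25 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-15 22:21 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
"""

LINE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+)\s+(\S{9})\s+(.+)$')


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; anything that does not match the format is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"),
                             int(size.replace(",", "")), attrs, path))
    return entries


def pivot(entries: List[Entry], seed_name: str,
          window: timedelta = timedelta(minutes=2)) -> List[Entry]:
    """Files created within `window` of a seed file (a name already known to be bad)."""
    seeds = [e for e in entries if ntpath.basename(e.path).lower() == seed_name.lower()]
    if not seeds:
        raise ValueError(f"seed {seed_name!r} not in listing")
    t0 = seeds[0].when
    return [e for e in entries if abs(e.when - t0) <= window]


def bursts(entries: List[Entry], min_files: int = 3) -> Dict[datetime, List[Entry]]:
    """Minutes in which at least `min_files` files appeared, oldest first."""
    by_minute: Dict[datetime, List[Entry]] = defaultdict(list)
    for e in entries:
        by_minute[e.when].append(e)
    return {t: es for t, es in sorted(by_minute.items()) if len(es) >= min_files}


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    print("Created near _mzu_stonedrv7.exe:")
    for e in pivot(entries, "_mzu_stonedrv7.exe"):
        print(f"  {e.when:%Y-%m-%d %H:%M}  {e.size:>8}  {e.path}")
    for t, es in bursts(entries).items():
        print(f"Burst at {t:%Y-%m-%d %H:%M}: {len(es)} files")
```

Pivoting on _mzu_stonedrv7.exe pulls in the 00:21 and 00:22 cluster and nothing from later in the day; the burst view finds the same minute without needing a seed, which is useful when no name is known yet.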

Nicksilver
2006-10-19, 21:03
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 12:02:23 PM, on 10/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\windows\system32\_mzu_stonedrv7.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hIJAKTHIS\hijackthis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [xzrf5782] RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rozf] C:\PROGRA~1\COMMON~1\rozf\rozfm.exe
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156722691906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Nicksilver
2006-10-19, 21:14
I'm having trouble with the GMER scan. About 3 minutes in, my computer restarts itself. Anyway, I managed to copy a little bit of what GMER had. Thanks for the help.
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-19 12:14:21
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.11 ----

SSDT 861F7590 ZwConnectPort
SSDT 861D5230 ZwOpenProcess
SSDT 86282378 ZwOpenThread

SYSENTER ? F37B437E

---- Services - GMER 1.0.11 ----

Service C:\WINDOWS\System32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

Mr_JAk3
2006-10-20, 12:05
Hi again :)

Ok, we need to use another scanner then....

Download and then install AVG Anti-Rootkit (http://fileforum.betanews.com/detail/AVG_AntiRootkit/1154697799/1).
Follow the prompts to restart your PC. Then run the program and do an in-depth search. When it's finished, press Save results and post it in your next reply.

Nicksilver
2006-10-21, 11:39
The in-depth rootkit scan found nothing :P. Here's a fresh HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 2:38:54 AM, on 10/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hIJAKTHIS\hijackthis\Scanner.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [xzrf5782] RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rozf] C:\PROGRA~1\COMMON~1\rozf\rozfm.exe
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://asp.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156722691906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Mr_JAk3
2006-10-21, 14:12
Hi again :)

Ok good, please run combofix.exe again.

Please post a fresh combofix log to here when you're ready :bigthumb:

Nicksilver
2006-10-21, 22:26
Here's the fresh ComboFix.
Nick - 06-10-21 13:25:41.99 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\hIJAKTHIS"

((((((((((((((((((((((((((((((( Files Created from 2006-09-21 to 2006-10-21 ))))))))))))))))))))))))))))))))))


2006-10-18 19:32 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-10-18 00:22 1,259 --a------ C:\WINDOWS\system32\xzrf5782.sys
2006-10-18 00:21 1,886 --a------ C:\Documents and Settings\Nick\ah.exe
2006-10-16 18:25 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-16 18:25 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2006-10-16 18:25 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-10-16 18:25 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-10-16 18:25 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-10-16 18:25 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2006-10-16 18:25 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2006-10-16 18:25 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-10-16 18:25 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-10-15 22:21 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-15 22:21 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-15 21:29 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-08 14:10 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2006-10-07 11:22 651,264 -ra------ C:\WINDOWS\system32\libeay32.dll
2006-10-07 11:22 450,560 -ra------ C:\WINDOWS\system32\AegisE5.dll
2006-10-07 11:22 327,680 -ra------ C:\WINDOWS\system32\AegisE2.dll
2006-10-07 11:22 147,456 -ra------ C:\WINDOWS\system32\ssleay32.dll
2006-10-07 11:22 114,688 --a------ C:\WINDOWS\system32\athcfg10.dll
2006-10-07 11:21 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-30 13:03 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-09-30 12:53 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-09-24 17:56 299,520 --a------ C:\WINDOWS\uninst.exe
2006-09-24 17:55 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-23 19:14 245,408 --a------ C:\WINDOWS\system32\unicows.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-21 02:35 -------- d-------- C:\Program Files\Common Files
2006-10-21 02:33 -------- d-------- C:\Program Files\GRISOFT
2006-10-20 17:29 -------- d-------- C:\Program Files\Steam
2006-10-20 01:07 -------- d-------- C:\Program Files\World of Warcraft
2006-10-20 01:07 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-19 12:00 -------- d-------- C:\Program Files\MSN Messenger
2006-10-18 19:30 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-18 00:26 -------- d-------- C:\Program Files\Common Files\rozf
2006-10-15 22:35 -------- d-------- C:\Program Files\SymNetDrv
2006-10-15 22:35 -------- d-------- C:\Program Files\Symantec
2006-10-14 16:25 -------- d---s---- C:\Documents and Settings\Nick\Application Data\Microsoft
2006-10-11 22:18 -------- d-------- C:\Program Files\Internet Explorer
2006-10-11 22:13 -------- d-------- C:\Documents and Settings\Nick\Application Data\Sun
2006-10-11 22:06 -------- d-------- C:\Program Files\iTunes
2006-10-11 22:06 -------- d-------- C:\Program Files\iPod
2006-10-11 22:04 -------- d-------- C:\Program Files\QuickTime
2006-10-08 14:10 -------- d-------- C:\Documents and Settings\Nick\Application Data\Apple Computer
2006-10-07 12:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-07 11:07 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-30 13:11 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-30 13:10 -------- d-------- C:\Program Files\Halo
2006-09-30 13:03 -------- d-------- C:\Program Files\Microsoft Office
2006-09-30 13:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-30 13:03 -------- d-------- C:\Program Files\Common Files\System
2006-09-30 13:03 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-30 13:03 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-24 18:05 -------- d-------- C:\Documents and Settings\Nick\Application Data\Help
2006-09-23 19:16 -------- d-------- C:\Program Files\Windows Media Player
2006-09-23 19:14 -------- d-------- C:\Program Files\MsnMusic
2006-09-16 00:22 -------- d-------- C:\Program Files\Palm
2006-09-14 00:16 -------- d-------- C:\Documents and Settings\Nick\Application Data\SiteAdvisor
2006-09-13 19:45 -------- d-------- C:\Documents and Settings\Nick\Application Data\Leadertech
2006-09-13 19:43 53248 --a------ C:\WINDOWS\PalmDevC.dll
2006-09-13 19:43 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2006-09-13 19:39 -------- d-------- C:\Documents and Settings\Nick\Application Data\HotSync
2006-09-10 22:53 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-10 22:53 -------- d-------- C:\Documents and Settings\Nick\Application Data\AdobeUM
2006-09-10 22:53 -------- d-------- C:\Documents and Settings\Nick\Application Data\Adobe
2006-09-07 18:57 -------- d-------- C:\Program Files\LimeWire
2006-09-07 18:57 -------- d-------- C:\Program Files\Java
2006-09-07 18:55 -------- d-------- C:\Program Files\Common Files\Java
2006-09-07 18:53 359112 --a------ C:\Program Files\LimeWireWin.exe
2006-08-29 18:18 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-08-29 18:18 -------- d-------- C:\Documents and Settings\Nick\Application Data\teamspeak2
2006-08-27 19:00 -------- d-------- C:\Documents and Settings\Nick\Application Data\Ventrilo
2006-08-27 18:58 -------- d-------- C:\Program Files\Ventrilo
2006-08-27 18:58 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-27 16:38 -------- d-------- C:\Documents and Settings\Nick\Application Data\Symantec
2006-08-27 16:29 -------- d-------- C:\Program Files\Adobe
2006-08-27 16:06 42300352 --a------ C:\Program Files\91.31_winxp2kmce_english_whql.exe
2006-08-27 16:06 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-27 15:56 -------- d-------- C:\Program Files\Direct X
2006-08-27 15:44 -------- d-------- C:\Documents and Settings\Nick\Application Data\Macromedia
2006-08-27 14:57 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-08-26 22:47 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-26 22:47 -------- d-------- C:\Documents and Settings\Nick\Application Data\Identities
2006-08-26 22:42 0 -rahs---- C:\MSDOS.SYS
2006-08-26 22:42 0 -rahs---- C:\IO.SYS
2006-08-26 22:42 0 --a------ C:\CONFIG.SYS
2006-08-26 22:42 0 --a------ C:\AUTOEXEC.BAT
2006-08-26 22:42 -------- d-------- C:\Program Files\xerox
2006-08-26 22:42 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-26 22:41 -------- d-------- C:\Program Files\Outlook Express
2006-08-26 22:41 -------- d-------- C:\Program Files\NetMeeting
2006-08-26 22:41 -------- d-------- C:\Program Files\Movie Maker
2006-08-26 22:41 -------- d-------- C:\Program Files\Common Files\Services
2006-08-26 22:40 -------- d-------- C:\Program Files\Online Services
2006-08-26 22:40 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-26 22:40 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-26 22:40 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-26 22:39 -------- d-------- C:\Program Files\Windows NT
2006-08-26 15:31 62 --ahs---- C:\Documents and Settings\Nick\Application Data\desktop.ini
2006-08-26 15:31 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-26 15:31 -------- d-------- C:\Program Files\Common Files\ODBC
2006-07-28 09:30 63768 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Steam"=""
"rozf"="C:\\PROGRA~1\\COMMON~1\\rozf\\rozfm.exe"
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"
"xzrf5782"="RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv7"="c:\\windows\\system32\\_mzu_stonedrv7.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Nick.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-21 13:25:58.45
C:\ComboFix.txt ... 06-10-21 13:25
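
The "Files Created" section of a ComboFix log is a ready-made timeline. The following is an added example for this thread (not ComboFix's own code) that parses those lines and does the two checks an analyst does by eye: pivot on a file that is already distrusted and list everything created within a few minutes of it, and pick out executable files that are far smaller than the drivers and DLLs around them. The sample lines are a constructed subset of the listing posted above; the size threshold and the 30-minute window are this example's assumptions.

```python
"""Timeline triage of a ComboFix "Files Created" listing.

Added example for this thread; it is not ComboFix's own code and the
heuristics are this example's assumptions. The sample lines are a
constructed subset of the listing posted in the thread.
"""
import re
from datetime import datetime, timedelta

# One ComboFix "Files Created" line: date, time, size, attributes, path.
CF_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attr>\S{9})\s+(?P<path>.+)$"
)

# Constructed sample: a subset of the lines from the posted log.
SAMPLE_CREATED = r"""
2006-10-18 19:32 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-10-18 00:22 1,259 --a------ C:\WINDOWS\system32\xzrf5782.sys
2006-10-18 00:21 1,886 --a------ C:\Documents and Settings\Nick\ah.exe
2006-10-16 18:25 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-16 18:25 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2006-10-15 22:21 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-07 11:22 651,264 -ra------ C:\WINDOWS\system32\libeay32.dll
"""

EXEC_EXTS = (".exe", ".sys", ".dll")


def parse_created(text):
    """Return one dict per well-formed line, with size as int and a datetime."""
    records = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if not m:
            continue  # section banners, blank lines, directory entries
        records.append({
            "when": datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"].replace(",", "")),
            "attr": m["attr"],
            "path": m["path"],
        })
    return records


def pivot_window(records, pivot_path, minutes=30):
    """Paths created within +/- `minutes` of the pivot file, oldest first.

    Pivoting on one file the analyst already distrusts surfaces the other
    files dropped in the same session (here ah.exe next to xzrf5782.sys).
    """
    pivot = next(r for r in records if r["path"].lower() == pivot_path.lower())
    delta = timedelta(minutes=minutes)
    hits = [r for r in records if abs(r["when"] - pivot["when"]) <= delta]
    return [r["path"] for r in sorted(hits, key=lambda r: r["when"])]


def tiny_executables(records, max_bytes=4096):
    """Executable files far smaller than the drivers and DLLs around them.

    Assumption of this example: a .sys or .exe of 1-2 KB is unusual on this
    listing, where the other drivers run from tens of KB to a few hundred KB,
    so it deserves a look. Legitimate tiny stubs exist; this is a hint only.
    """
    return [r["path"] for r in records
            if r["size"] <= max_bytes and r["path"].lower().endswith(EXEC_EXTS)]


if __name__ == "__main__":
    recs = parse_created(SAMPLE_CREATED)
    print("near xzrf5782.sys:", pivot_window(recs, r"C:\WINDOWS\system32\xzrf5782.sys"))
    print("tiny executables:", tiny_executables(recs))
```

Run against the full log, the pivot on xzrf5782.sys groups it with ah.exe (one minute apart), which is exactly the pair the helper later sends to Killbox; the size filter surfaces the same two files from the other direction.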

Mr_JAk3
2006-10-22, 14:40
Ok good, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.

Then, make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================

Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :


REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"rozf"=-
"_mzu_stonedrv7"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv7"=-
"xzrf5782"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"_mzu_stonedrv7"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv7"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv7"=-


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [xzrf5782] RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [rozf] C:\PROGRA~1\COMMON~1\rozf\rozfm.exe
O4 - HKCU\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following folders (if present):
C:\Program Files\Common Files\rozf

Use the Windows search: Start, Search, All files and folders, More advanced options. Checkmark these options:
"Search system folders"
"Search hidden files and folders"
"Search subfolders"
Search for this and delete if found: wab2914d.dll
Search for this and delete if found: TheMatrixHasYou
Search for this and delete if found: piglett.exe

Please run Killbox.

Select "Delete on Reboot".
Select "All Files".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\xzrf5782.sys
C:\Documents and Settings\Nick\ah.exe
C:\windows\system32\_mzu_stonedrv7.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart to the safe mode again.

Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, post the following logs to here:
- AVG's report
- a fresh HijackThis log
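
The fix above was built by hand from the HijackThis log: pick the O4 autorun entries and about:blank search values to remove, then write a REGEDIT4 file that deletes the Run values with the `"name"=-` syntax. The following is an added example for this thread (not HijackThis or ComboFix code) that does the mechanical part: it parses O4 and R0/R1 lines, flags two patterns visible in this log (a rundll32 command whose DLL has no directory, and one value name registered under several Run locations), and drafts the REGEDIT4 file from the entries the analyst decides to remove. The sample log is a constructed subset of the entries posted above, and the two heuristics are this example's own assumptions, not HijackThis rules.

```python
"""Triage HijackThis O4 / R0-R1 entries and draft a REGEDIT4 removal file.

Added example for this thread; it is not HijackThis or ComboFix code and
the review heuristics are this example's own assumptions. The sample log
is a constructed subset of the HijackThis entries posted in the thread.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKLM\..\Run: [xzrf5782] RUNDLL32.EXE wab2914d.dll,n 005f577d0000000aab2914d
O4 - HKLM\..\RunServices: [_mzu_stonedrv7] c:\windows\system32\_mzu_stonedrv7.exe
O4 - HKCU\..\Run: [rozf] C:\PROGRA~1\COMMON~1\rozf\rozfm.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce|RunServices): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+) = (?P<data>.*)$")

# HijackThis abbreviates the hive; the .reg file needs the full key.
HIVE_PATHS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion",
    "HKCU": r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion",
}


def parse_o4(log_text):
    """One dict (hive, key, name, cmd) per O4 autorun entry."""
    matches = (O4_LINE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def blank_search_entries(log_text):
    """IE search values set to about:blank (the R0/R1 lines the thread fixes)."""
    hits = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m and m["data"].strip().lower() == "about:blank":
            hits.append(m["value"].strip())
    return hits


def suspicious_o4(entries):
    """Review hints (this example's heuristics, not HijackThis rules):

    - rundll32 loading a DLL given without any directory, so it resolves
      through the DLL search path instead of a known install location;
    - the same value name registered under two or more Run locations,
      which normal installers rarely do but self-reinstalling loaders do.
    """
    flagged = set()
    locations = defaultdict(set)
    for e in entries:
        locations[e["name"]].add((e["hive"], e["key"]))
        cmd = e["cmd"].strip()
        if cmd.upper().startswith("RUNDLL32"):
            parts = cmd.split(None, 1)
            dll = parts[1].split(",", 1)[0].strip('"') if len(parts) == 2 else ""
            if dll and "\\" not in dll:
                flagged.add(e["name"])
    flagged.update(n for n, locs in locations.items() if len(locs) >= 2)
    return sorted(flagged)


def regedit4_removal(entries, names_to_remove):
    """Draft a REGEDIT4 file deleting the named values ("name"=- syntax).

    Only locations HijackThis reported are covered; the thread's fix also
    hit the HKEY_USERS (.default and S-1-5-18) keys that ComboFix exposed.
    """
    per_key = defaultdict(list)
    for e in entries:
        if e["name"] in names_to_remove:
            key = HIVE_PATHS[e["hive"]] + "\\" + e["key"].lower()
            if e["name"] not in per_key[key]:
                per_key[key].append(e["name"])
    lines = ["REGEDIT4", ""]
    for key in sorted(per_key):
        lines.append("[" + key + "]")
        lines.extend('"%s"=-' % name for name in per_key[key])
        lines.append("")
    return "\n".join(lines) + "\n"  # ends with the blank line the thread insists on


if __name__ == "__main__":
    entries = parse_o4(SAMPLE_LOG)
    print("about:blank search values:", blank_search_entries(SAMPLE_LOG))
    hints = suspicious_o4(entries)
    print("review:", hints)
    # rozf is added by the analyst after looking at its path; the heuristics miss it.
    print(regedit4_removal(entries, set(hints) | {"rozf"}))
```

The heuristics catch xzrf5782 (a bare DLL name handed to rundll32) and _mzu_stonedrv7 (the same value under Run and RunServices) but not rozf, whose only tell is an unfamiliar path under Common Files; the analyst still supplies the final removal list, and the script only guarantees the .reg file has the right key names, the `=-` deletion form and the trailing blank line.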

Mr_JAk3
2006-10-27, 21:12
Hi again, still there?

Mr_JAk3
2006-10-31, 20:22
This topic is closed due to lack of a response. :blink:

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread.

Applies only to the original topic starter.