7rft.com ads1.revenue.net online scanner blocking



plowboy
2006-11-07, 14:29
Hi, this is actually my first time posting, since I have usually been able to solve problems like this on my own, but I guess we all need help from time to time. Anyway, here goes:

I have a 7r7t.com and an ads1.revenue.net infection. I also have
an infection that will NOT allow me to run any online scanner; most say that
they are unable to load. Trend Micro starts to, but then the browser is closed, and I am assuming it's another program that doesn't want me to use any online scanner. I tried all of them in the list on this system.

I couldn't even get Panda to run.

So I guess we need to get my system to where I can run at least one of these
scanners, so here is my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 8:18:11 AM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\tcpip.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Program Files\acm\acm.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - E:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - E:\Program Files\BHO Plugin\plugin1.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PrevxOne] "E:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PSCastor] "E:\Program Files\PSCastor\PSCastor.exe"
O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162597428843
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - E:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

teacup61
2006-11-08, 00:50
Hello plowboy,

Welcome to Safer Networking Forums :)

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

plowboy
2006-11-08, 17:15
NOTE TO HELPER:

(Because the requested information would not fit in one reply please check the next reply as the combined information was way more than 20000 chars. thank you)
OK, here we go; here is my ComboFix log:

jbradley-admin - 06-11-08 10:23:25.25 Service Pack 2
ComboFix 06.10.19 - Running from: "E:\Documents and Settings\jbradley-admin\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
E:\QooBox\Purity\Documents and Settings\jbradley-admin\My Documents\ICROSO~1
E:\QooBox\Purity\Documents and Settings\jbradley-admin\My Documents\ICROSO~1\?icrosoft
((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))
2006-11-07 00:05 76,560 --a------ E:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-06 08:20 11,648 --a------ E:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-11-05 21:46 17,920 --a------ E:\WINDOWS\system32\tcpip.exe
2006-11-05 21:43 8,464 --a------ E:\WINDOWS\system32\sporder.dll
2006-11-05 21:43 2 --a------ E:\WINDOWS\system32\wapicc.exe
2006-11-05 21:42 397,312 --a------ E:\WINDOWS\cfg32p.dll
2006-11-05 21:42 1,259 --a------ E:\WINDOWS\system32\djibc9a7.sys
2006-11-05 21:41 142 --a------ E:\WINDOWS\aiuap.dll
2006-11-04 19:41 129,784 --------- E:\WINDOWS\system32\pxafs.dll
2006-11-03 20:51 121,856 --------- E:\WINDOWS\system32\xmllite.dll
2006-11-03 20:06 221,184 --a------ E:\WINDOWS\system32\wmpns.dll
2006-11-03 18:45 18,200 --a------ E:\WINDOWS\system32\wups2.dll
2006-11-03 15:55 2,560 --------- E:\WINDOWS\system32\drivers\cdralw2k.sys
2006-11-03 15:55 2,432 --------- E:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-11-03 15:55 157,352 --------- E:\WINDOWS\system32\pxwma.dll
2006-11-03 15:49 22,752 --a------ E:\WINDOWS\system32\spupdsvc.exe
2006-10-27 15:09 6,049,280 --------- E:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- E:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- E:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- E:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ E:\WINDOWS\system32\ieudinit.exe
2006-10-24 19:45 15,360 --a------ E:\WINDOWS\system32\BASSMOD.dll
2006-10-18 16:46 30 --a------ E:\logoff.bat
2006-10-17 13:05 206,336 --------- E:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- E:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- E:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- E:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- E:\WINDOWS\system32\ieapfltr.dll
2006-10-13 20:18 87,424 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys
2006-10-13 20:18 85,952 --a------ E:\WINDOWS\system32\drivers\aswmon.sys
2006-10-13 20:18 36,176 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys
2006-10-13 20:18 24,560 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys
2006-10-13 20:18 16,352 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys
2006-10-13 20:17 90,112 --a------ E:\WINDOWS\system32\AVASTSS.scr
2006-10-13 20:17 666,240 --a------ E:\WINDOWS\system32\aswBoot.exe
2006-10-13 20:17 1,060,864 --a------ E:\WINDOWS\system32\MFC71.dll
2006-10-13 13:20 29,968 --a------ E:\WINDOWS\system32\mdimon.dll
2006-10-12 18:17 54,272 --a------ E:\WINDOWS\system32\DrvTrNTm.dll
2006-10-12 18:17 106,496 --a------ E:\WINDOWS\system32\DrvTrNTl.dll
2006-10-12 18:03 344,064 --a------ E:\WINDOWS\system32\msvcr70.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-08 08:17 -------- d-------- E:\Program Files\Mozilla Firefox
2006-11-08 02:04 -------- d-------- E:\Program Files\Citrus Alarm Clock
2006-11-07 00:05 -------- d-------- E:\Program Files\Internet Explorer
2006-11-06 20:54 -------- d-------- E:\Program Files\Lavasoft
2006-11-06 20:54 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Lavasoft
2006-11-06 19:52 -------- d--h----- E:\Program Files\BHO Plugin
2006-11-06 17:46 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\çasks
2006-11-06 08:26 -------- d-------- E:\Program Files\Common Files
2006-11-06 02:16 -------- d-------- E:\Program Files\Windows Media Player
2006-11-06 00:07 -------- d-------- E:\Program Files\MSN Gaming Zone
2006-11-05 21:45 517 --a------ E:\Program Files\Common Files\mevo
2006-11-05 20:00 -------- d--h----- E:\Program Files\InstallShield Installation Information
2006-11-05 20:00 -------- d-------- E:\Program Files\Prescient Systems
2006-11-04 20:35 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Winamp
2006-11-04 20:33 -------- d-------- E:\Program Files\Common Files\NSV
2006-11-04 19:42 -------- d-------- E:\Program Files\Winamp
2006-11-04 12:50 -------- d-------- E:\Program Files\Pix2Fone
2006-11-04 12:49 -------- d-------- E:\Program Files\Microsoft Office
2006-11-04 12:49 -------- d-------- E:\Program Files\Common Files\Microsoft Shared
2006-11-04 12:31 -------- d-------- E:\Program Files\freeFTPd
2006-11-04 12:31 -------- d-------- E:\Program Files\EzPhone Recorder Pro 1.0
2006-11-04 11:37 -------- d-------- E:\Program Files\Real
2006-11-04 00:58 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Roxio
2006-11-04 00:53 -------- d-------- E:\Program Files\Napster
2006-11-03 22:06 -------- d-------- E:\Program Files\Common Files\Napster Shared
2006-11-03 22:05 -------- d-------- E:\Program Files\Common Files\InstallShield
2006-11-03 21:19 -------- d-------- E:\Program Files\Messenger
2006-11-03 20:07 -------- d-------- E:\Program Files\Outlook Express
2006-11-03 20:07 -------- d-------- E:\Program Files\Common Files\System
2006-11-03 15:56 -------- d-------- E:\Program Files\Yahoo!
2006-11-03 15:55 -------- d-------- E:\Program Files\Common Files\SureThing Shared
2006-11-03 15:54 -------- d-------- E:\Program Files\illiminable
2006-11-01 16:30 -------- d---s---- E:\Documents and Settings\jbradley-admin\Application Data\Microsoft
2006-10-27 15:09 413696 --a------ E:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ E:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ E:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ E:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ E:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ E:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ E:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ E:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ E:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ E:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ E:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ E:\WINDOWS\system32\ieakui.dll
2006-10-24 21:14 -------- d-------- E:\Program Files\EzPhone Recorder 1.1
2006-10-23 22:32 -------- d-------- E:\Program Files\Foxit Software
2006-10-23 17:56 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Macromedia
2006-10-21 20:17 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Real
2006-10-21 20:13 -------- d-------- E:\Program Files\Common Files\xing shared
2006-10-21 20:13 -------- d-------- E:\Program Files\Common Files\Real
2006-10-21 15:52 -------- d-------- E:\Program Files\Universal Extractor
2006-10-19 17:25 -------- d-------- E:\Program Files\A Simple Roman Numeral Converter
2006-10-18 21:58 -------- d-------- E:\Program Files\acm
2006-10-18 00:33 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Apple Computer
2006-10-17 13:06 78336 --a------ E:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ E:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ E:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ E:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ E:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ E:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ E:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ E:\WINDOWS\system32\mshtmler.dll
2006-10-16 20:18 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Sun
2006-10-14 15:04 -------- d-------- E:\Program Files\Image ReSizer 1.0
2006-10-13 20:17 -------- d-------- E:\Program Files\Alwil Software
2006-10-13 20:08 -------- d-------- E:\Program Files\LimeWire
2006-10-13 13:16 -------- d-------- E:\Program Files\Microsoft Visual Studio
2006-10-13 13:16 -------- d-------- E:\Program Files\Common Files\DESIGNER
2006-10-13 13:15 -------- d-------- E:\Program Files\Microsoft.NET
2006-10-13 13:15 -------- d-------- E:\Program Files\Microsoft Works
2006-10-13 09:45 -------- d-------- E:\Program Files\Camstreams Encoder
2006-10-13 09:44 -------- d-------- E:\Program Files\Windows Media Components
2006-10-12 20:20 -------- d-------- E:\Program Files\Abyss Web Server
2006-10-12 18:17 -------- d-------- E:\Program Files\HighCriteria
2006-10-12 18:04 -------- d-------- E:\Program Files\Audio Recorder for FREE
2006-10-08 16:12 -------- d-------- E:\Program Files\PowerArchiver
2006-10-07 19:36 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\vlc
2006-10-07 19:32 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\LimeWire
2006-10-07 13:28 -------- d-------- E:\Program Files\Java
2006-10-07 13:27 -------- d-------- E:\Program Files\Common Files\Java
2006-10-03 12:21 36528 --------- E:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-03 12:21 115880 --------- E:\WINDOWS\system32\pxinsi64.exe
2006-10-03 12:21 114856 --------- E:\WINDOWS\system32\pxcpyi64.exe
2006-09-28 19:00 -------- d-------- E:\Program Files\Grisoft
2006-09-28 15:24 -------- d-------- E:\Program Files\ProfInfoTech
2006-09-27 16:02 -------- d-------- E:\Program Files\Google
2006-09-24 08:10 774144 --a------ E:\Program Files\RngInterstitial.dll
2006-09-15 08:58 -------- d-------- E:\Program Files\Future Systems Solutions
2006-09-15 08:55 -------- d-------- E:\Program Files\Total Uninstall 3
2006-09-15 08:33 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Help
2006-09-15 08:04 -------- d-------- E:\Program Files\PowerQuest
2006-09-14 06:59 -------- dr-h----- E:\Program Files\rnamfler
2006-09-13 17:15 3888 --a------ E:\WINDOWS\system32\drivers\NTHANDLE.SYS
2006-09-13 00:01 1084416 --a------ E:\WINDOWS\system32\msxml3.dll
2006-09-11 17:42 -------- d-------- E:\Program Files\Veo Stingray
2006-09-10 02:52 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\acccore
2006-09-10 02:51 -------- d-------- E:\Program Files\Common Files\Nullsoft
2006-09-09 09:22 -------- d-------- E:\Program Files\Musicmatch
2006-09-09 09:21 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Musicmatch
2006-09-09 08:46 503808 --a------ E:\WINDOWS\system32\msvcp71.dll
2006-09-09 08:46 348160 --a------ E:\WINDOWS\system32\msvcr71.dll
2006-09-09 08:45 89088 --a------ E:\WINDOWS\system32\atl71.dll
2006-09-09 08:45 1047552 --a------ E:\WINDOWS\system32\mfc71u.dll
2006-09-09 06:43 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Mozilla
2006-09-08 00:41 -------- d-------- E:\Documents and Settings\jbradley-admin\Application Data\Identities
2006-09-06 20:06 62 --ahs---- E:\Documents and Settings\jbradley-admin\Application Data\desktop.ini
2006-09-06 19:40 1502 --ahs---- E:\WINDOWS\rreg64.dll
2006-09-06 19:40 1462 --ahs---- E:\WINDOWS\utapi64.dll
2006-08-25 10:45 617472 --a------ E:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ E:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ E:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ E:\WINDOWS\system32\6to4svc.dll
2006-08-11 19:52 33040 --a------ E:\WINDOWS\system32\FM20ENU.DLL
2006-08-11 19:52 1190664 --a------ E:\WINDOWS\system32\FM20.DLL
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"Urxq"="E:\\Documents and Settings\\jbradley-admin\\Application Data\\?asks\\winspool.exe"
"Citrus Alarm Clock"="E:\\Program Files\\Citrus Alarm Clock\\citrusac.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ISUSPM Startup"="\"E:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"E:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="E:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"MMTray"="\"E:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"TotalRecorderScheduler"="\"E:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
"avast!"="E:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SS"="E:\\Program Files\\acm\\acm.exe"
"TkBellExe"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinampAgent"="E:\\Program Files\\Winamp\\winampa.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="E:\\Program Files\\Windows Media Player\\podobixi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="E:\\Program Files\\MSN Gaming Zone\\mebe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-08 10:26:45.00
E:\ComboFix.txt ... 06-11-08 10:26

My HJT log is in the next reply since they both wouldn't fit in one message.

plowboy
2006-11-08, 17:18
Logfile of HijackThis v1.99.1
Scan saved at 10:30:01 AM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\tcpip.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\acm\acm.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Messenger\msmsgs.exe
E:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Program Files\acm\acm.exe
E:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - E:\Program Files\BHO Plugin\plugin1.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] E:\Program Files\Citrus Alarm Clock\citrusac.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162597428843
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Sorry about the multiple replies but it was the only way I could think of to get both logs posted since they wouldn't fit in one post.

teacup61
2006-11-08, 21:27
hello,

Navigate to E:\Program Files\Windows Media Player

Delete the following file in bold: podobixi.html

Navigate to E:\Program Files\MSN Gaming Zone

Delete the following file in bold: mebe.html

Then go to Start -> Control Panel -> Display Properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)


Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - E:\Program Files\BHO Plugin\plugin1.dll
O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following folders, if present:

E:\Program Files\BHO Plugin
E:\Documents and Settings\jbradley-admin\Application Data\?asks


In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from AVG and a new HijackThis log. Let me know how your computer is running. :)

Thanks,
tea
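
As an added illustration (not the forum's, the helper's or HijackThis's own code): a small Python audit of HijackThis O4 autorun lines that applies, mechanically, the checks a helper applies by eye to the [Urxq] entry above: an autorun launched from a user profile's Application Data folder, a path containing "?" (which cannot occur in a real Windows path; ComboFix's listing in this thread shows the folder's actual name as "çasks"), and an executable borrowing the name of a genuine Windows component from outside the Windows directory. The sample log is constructed from entries posted in this thread; the list of system component names is my own assumption and the checks are heuristics, not proof of infection.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 entries copied from the HijackThis logs in this thread.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Urxq] E:\Documents and Settings\jbradley-admin\Application Data\?asks\winspool.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] E:\Program Files\Citrus Alarm Clock\citrusac.exe
"""

# O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
QUOTED_RE = re.compile(r'^"([^"]+)"')
UNQUOTED_RE = re.compile(r'^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)', re.IGNORECASE)
PROFILE_DATA_RE = re.compile(
    r'\\Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings)\\', re.IGNORECASE
)

# Assumed list: stems of genuine Windows components that live under \WINDOWS.
# An executable using one of these names from elsewhere is a name-squatting heuristic.
SYSTEM_STEMS = {
    "winspool", "svchost", "lsass", "csrss", "winlogon", "services",
    "explorer", "userinit", "ctfmon", "spoolsv", "rundll32", "smss",
}


def parse_o4(line):
    """Split one O4 line into hive, key, value name, command line and executable path."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    quoted = QUOTED_RE.match(cmd)
    if quoted:
        path = quoted.group(1)
    else:
        unquoted = UNQUOTED_RE.match(cmd)
        path = unquoted.group(1) if unquoted else cmd
    return {"hive": m.group("hive"), "key": m.group("key"),
            "name": m.group("name"), "cmd": cmd, "path": path}


def assess(entry):
    """Return the list of heuristic reasons this autorun deserves a closer look."""
    reasons = []
    path = entry["path"]
    if "?" in path:
        # '?' is not legal in a Windows path; HijackThis prints it for characters
        # it cannot render, as with the "?asks" folder in this thread.
        reasons.append("illegal-char-in-path")
    if PROFILE_DATA_RE.search(path):
        reasons.append("user-profile-autorun")
    stem = PureWindowsPath(path).stem.lower()
    if stem in SYSTEM_STEMS and "\\windows\\" not in path.lower():
        reasons.append("system-name-outside-windows")
    return reasons


def audit_hjt_log(text):
    """Parse every O4 line in a HijackThis log and return the entries with findings."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_hjt_log(SAMPLE_HJT_LOG):
        print(f"[{f['name']}] {f['path']}  <- {', '.join(f['reasons'])}")
```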

plowboy
2006-11-12, 21:29
I have a question: my AVG log is 28 pages long, so I can't fit it into a single post. Is there some other way you want me to post it or make it available to you?

Also, my system doesn't have popups, but it is still running slower than normal (for example, when I click Start, it takes about 30 seconds for the system
to get around to opening the menu; same with opening/closing programs). I can't find any processes in Task Manager hogging memory, so I have no idea what's causing that. Also, every time I log in to Windows, my Documents folder opens up. It's not bad, just annoying.

Anyway, here's the HJT log after the scan and cleaning. Please tell me how
to get the AVG log to you. Thanks.

JB


Logfile of HijackThis v1.99.1
Scan saved at 7:39:01 AM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
E:\Program Files\acm\acm.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Citrus Alarm Clock\citrusac.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Windows NT\Accessories\wordpad.exe
E:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] E:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "E:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SS] E:\Program Files\acm\acm.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] E:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162597428843
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TCP and UDP Support - Unknown owner - E:\WINDOWS\system32\tcpip.exe (file missing)

plowboy
2006-11-12, 21:43
Note, my AVG log is 28 pages long, please tell me how to get it to you, thanks. I also couldn't find the first few files you asked me to delete. Also, I no longer have popups, but the system is still real slow.

teacup61
2006-11-15, 20:23
plowboy did you get my message?

teacup61
2006-11-18, 17:41
Hello,

Got it, thanks. :)

Multiple accounts, and cracks.....okie dokie. Now I know how you got infected!:spider:

Please do the following for each account on the system:

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now run AVG again....post the report here, using as many posts as you need to. :) Also please post a fresh HijackThis log.

Thanks,
tea

tashi
2006-11-27, 18:54
This topic is closed due to lack of a response to the helper. If you need it re-opened, please send me a private message (PM) and provide a link to the thread.

Applies only to the original topic starter.