Old 06-21-2007, 05:24 AM   #1 (permalink)
New Member
 
Join Date: Jun 2007
Posts: 3
Please help, can't remove spyware!!!

OK, I have some sort of virus or spyware and I can't get rid of it. I can't find it on Norton AntiVirus scans or Spybot, and I'm not too familiar with HijackThis.
But it's to do with Internet Explorer, and it keeps trying to download different files but it says they fail, and they are always from d.bestmanage.org or b.bestmanage.org ... And also, for no reason, if I'm in the middle of a game it will minimize and go into Windows, but nothing pops up; the bars just flash orange down the bottom of my Start menu bar.
I have deleted all files and cookies and cleared history over and over. I've run over 10 scans and haven't found it yet. Also, I have gone into my security of Internet Explorer and blocked cookies from those sites, but it still won't work, and I have logged into my router and blocked those sites so I can't even go to them, but still they pop up. And lastly, when I press Alt Control Delete and check the processes, something is always popping up. It's always a random 7-digit number, and I tried to click End Process or End Process Tree but it's denied. They keep popping up non-stop. They are numbers like 3435655 and 2231456; those are just ones I made up, but yeah, they look like that. And I deleted them out of my Local Settings/Temp folder, but it just won't stop.
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:24:27 PM, on 21/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\WINDOWS\avp.exe
D:\WINDOWS\smgr.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\powerlook.exe
D:\WINDOWS\avp.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\win64.exe
D:\WINDOWS\avp.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\avp.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\sysmon.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\3216.exe
D:\WINDOWS\avp.exe
D:\WINDOWS\avp.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\16look.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\svwin.exe
D:\WINDOWS\avp.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\32win.exe
D:\WINDOWS\avp.exe
D:\WINDOWS\avp.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\powersyn.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - D:\Program Files\BP Go!Zilla v4.1\GoIEHlp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with Go!Zilla - file://D:\Program Files\BP Go!Zilla v4.1\download-with-gozilla.html
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C063E415-52A1-4086-A4AE-5D1F9E14EE9C}: NameServer = 220.233.0.3,220.233.0.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe




SOMEONE PLEASE HELP, I'M BEGGING YOU!!!
sasquatch is offline   Reply With Quote


Old 06-21-2007, 08:06 AM   #2 (permalink)
banned
 
Join Date: Feb 2007
Posts: 6,060

I suggest Kaspersky Anti-Virus 6.0


O4 - HKLM\..\Run: [smgr] smgr.exe <<That is probably your problem
INTELCRAZY is offline   Reply With Quote
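
A triage pass over the kind of HijackThis log posted in this thread, as an added example that is not part of any poster's reply: it lists processes running from a Temp directory and Run values given without a path, resolved against the running-process list. The function names and both heuristics are assumptions made for this example, the sample lines are excerpted from the log above, and a hit means "review this", not "this is malware" (the SoundMan entry is flagged too).

```python
import re
from collections import Counter

# Lines excerpted from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\avp.exe
D:\WINDOWS\smgr.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\powerlook.exe
D:\WINDOWS\avp.exe
D:\DOCUME~1\blake\LOCALS~1\Temp\win64.exe
D:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avp] D:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# "O4 - HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.+?)\] (.+)$")
# Unquoted command: the executable ends at the first known extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$)", re.I)
# Heuristic (assumption): any path component named Temp or Tmp.
TEMP_RE = re.compile(r"\\te?mp\\", re.I)


def executable_of(command):
    """Return the program part of a Run value, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def parse_log(text):
    """Split a HijackThis log into running processes and O4 Run entries."""
    processes, run_entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = RUN_RE.match(line)
            if m:
                run_entries.append((m.group(1), m.group(2), executable_of(m.group(3))))
    return processes, run_entries


def triage(text):
    """Return (kind, subject, detail) tuples for entries worth a manual look."""
    processes, run_entries = parse_log(text)
    counts = Counter(p.lower() for p in processes)
    by_name = {}
    for p in processes:
        by_name.setdefault(p.rsplit("\\", 1)[-1].lower(), p)

    findings = []
    for path in dict.fromkeys(processes):      # unique, original order
        if TEMP_RE.search(path):
            findings.append(("process-in-temp", path, counts[path.lower()]))
    for key, name, exe in run_entries:
        if "\\" not in exe and "/" not in exe:  # no directory given
            where = by_name.get(exe.lower(), "not running")
            findings.append(("run-bare-name", f"{key} [{name}] {exe}", where))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {subject}  ->  {detail}")
```
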
Old 06-21-2007, 08:32 AM   #3 (permalink)
Diamond Member
 
Punk's Avatar
 
Join Date: Jan 2007
Location: France
Age: 18
Posts: 4,676
I found two pieces of spyware. Don't do anything yet; I'm looking for help removing them. PM John McKenna or Buzz1927, who are experts at removing malware, for better help.
Punk is offline   Reply With Quote
Old 06-21-2007, 11:53 AM   #4 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,104

I gotta get to bed, but run Combofix and post the log it creates, I'll get back to it tomorrow.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Buzz1927 is offline   Reply With Quote
Old 06-21-2007, 12:22 PM   #5 (permalink)
New Member
 
Join Date: Jun 2007
Posts: 3
Here's the ComboFix log

ComboFix 07-06-21.3 - D:\Documents and Settings\blake\Desktop\ComboFix.exe
"blake" - 2007-06-21 21:18:48 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\avp.exe
D:\WINDOWS\smgr.exe
D:\WINDOWS\system32\driver.exe
D:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-21 21:18 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-19 20:30 967 --a------ D:\WINDOWS\ScUnin.pif
2007-06-19 20:30 70,656 --a------ D:\WINDOWS\ScUnin.exe
2007-06-19 20:30 34,691 --a------ D:\WINDOWS\scunin.dat
2007-06-19 20:17 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-19 20:16 3,829,760 --a------ D:\DOCUME~1\blake\ntuser.dat
2007-06-19 13:24 <DIR> d-------- D:\Program Files\Norton AntiVirus
2007-06-19 13:23 48,776 --a------ D:\WINDOWS\system32\S32EVNT1.DLL
2007-06-19 13:23 115,000 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-19 13:23 <DIR> d-------- D:\Program Files\Symantec
2007-06-19 13:23 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-06-19 13:18 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2007-06-19 01:41 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-19 00:34 28,160 --a------ D:\WINDOWS\system32\sysmon32.exe
2007-06-18 14:03 <DIR> d-------- D:\Program Files\Starcraft
2007-06-18 13:45 <DIR> d-------- D:\Program Files\PowerISO
2007-06-08 21:26 <DIR> d-------- D:\DOCUME~1\blake\APPLIC~1\Syntrillium
2007-06-08 21:25 665,424 --a------ D:\WINDOWS\system32\wmv8dmoe.dll
2007-06-08 21:25 572,752 --a------ D:\WINDOWS\system32\wmvdmoe.dll
2007-06-08 21:25 438,608 --a------ D:\WINDOWS\system32\wmv8dmod.dll
2007-06-08 21:25 1,683,792 --a------ D:\WINDOWS\system32\wmvcore2.dll
2007-06-08 21:24 <DIR> d-------- D:\Program Files\coolpro2
2007-06-06 12:26 <DIR> d-------- D:\300
2007-06-05 23:06 <DIR> d-------- D:\WINDOWS\Paltalk Messenger
2007-06-05 23:06 <DIR> d-------- D:\Program Files\Paltalk Messenger
2007-06-05 23:06 <DIR> d-------- D:\DOCUME~1\blake\APPLIC~1\Paltalk


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 10:45:20 -------- d-----w D:\Program Files\BP Go!Zilla v4.1
2007-06-20 18:22:51 -------- d-----w D:\DOCUME~1\blake\APPLIC~1\Skype
2007-06-20 10:17:12 -------- d-----w D:\Program Files\World of Warcraft
2007-06-19 10:16:47 -------- d-----w D:\Program Files\Warcraft III
2007-06-07 06:38:41 -------- d-----w D:\Program Files\art
2007-05-16 15:12:02 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-05-01 13:11:43 -------- d-----w D:\DOCUME~1\blake\APPLIC~1\AdobeUM
2007-04-26 07:00:00 -------- d-----w D:\Program Files\SpeedFan
2007-04-25 14:21:15 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w D:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w D:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w D:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w D:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w D:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w D:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w D:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w D:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 13:17]
{53707962-6F74-2D53-2644-206D7942484F}=D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{CD4C3CF0-4B15-11D1-ABED-709549C10000}=D:\Program Files\BP Go!Zilla v4.1\GoIEHlp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 18:31 D:\WINDOWS\SOUNDMAN.EXE]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 08:12]
"SsAAD.exe"="D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-16 12:55]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 22:23]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 06:22]
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-09-18 23:02]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BulletProof Go!Zilla.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\BulletProof Go!Zilla.lnk
backup=D:\WINDOWS\pss\BulletProof Go!Zilla.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=D:\WINDOWS\pss\PalStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd997b8f-a176-11db-bad6-806d6172696f}]
AutoRun\command- F:\Setup.exe


Contents of the 'Scheduled Tasks' folder
2007-06-19 03:32:44 D:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - blake.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 21:19:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 21:20:04
D:\ComboFix-quarantined-files.txt ... 2007-06-21 21:20

--- E O F ---
sasquatch is offline   Reply With Quote


Old 06-22-2007, 10:42 AM   #6 (permalink)
Digaredd
 
Buzz1927's Avatar
 
Join Date: May 2005
Location: Melbourne AU
Posts: 6,104

Sorry, can you post a new Hijackthis log as well, please.
Buzz1927 is offline   Reply With Quote
Old 06-26-2007, 06:32 AM   #7 (permalink)
New Member
 
Join Date: Jun 2007
Posts: 3

Whoever suggested that Kaspersky Anti-Virus is a genius! It found all of those shit trojans and wiped them, so my comp's back to normal. Thanks a lot.
sasquatch is offline   Reply With Quote