Hijackthis file - Constant popup problem

[Hyper_Kagome]

Well, here it is, the Hijackthis log file.
Just as a refreser to those who havn't seen the first post.

Okay, so heres the deal.
I never signed up for this Movie Central thing, no one in my house did, and it has my IP Address, and it constantly sends me pop-ups for a payment, and that the only way for it to leave is through that payment, and we don't want to pay for something we never agreed to or need. The only way to close it is though Ctrl+Alt+Delete as well. I went to the Customer Service part of the site through the pop-up and asked why I was recieving it, and it responded, "It is impposible for this to be on your computer without hvaing had someone go through a four step process of registering it to your computer."

Any help on how to get it gone, would be greatly appreciated, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:27:55 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ItBill\itbill.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\kmligimdu\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\kmligimdu\csrss.exe
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3312.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3315.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3316.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3317.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3319.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3313.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3315.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3312.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3315.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3316.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3319.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3313.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3315.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3312.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3315.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3316.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3317.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3319.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3313.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3522.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3525.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3526.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3527.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3528.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3529.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3522.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3523.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3525.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3522.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3525.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3526.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3527.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3528.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3529.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3522.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3523.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3525.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Kinstone1668
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120337925252
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4204E75D-BD14-4A16-BCDE-55152B2C6C07}: NameServer = 85.255.113.146,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4DCDD0C-552C-4760-AC71-D6A12FD8340C}: NameServer = 85.255.113.146,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{4204E75D-BD14-4A16-BCDE-55152B2C6C07}: NameServer = 85.255.113.146,85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{4204E75D-BD14-4A16-BCDE-55152B2C6C07}: NameServer = 85.255.113.146,85.255.112.23
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[cell4me]

Open up hijackthis and do a system scan only, then check the following entrys and at the bottom push the fix button.
Then reboot computer and post a new log.

O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3312.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3315.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3316.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3317.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3319.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3311.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3313.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3315.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3312.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3315.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3316.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3319.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3311.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3313.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3315.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3312.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3315.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3316.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3317.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3319.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3313.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3522.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3525.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3526.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3527.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3528.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3529.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3521.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3522.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3523.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3525.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3522.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3525.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3526.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3527.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3528.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3529.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3521.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3522.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3523.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3525.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
O4 - Startup: csrss.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4204E75D-BD14-4A16-BCDE-55152B2C6C07}: NameServer = 85.255.113.146,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4DCDD0C-552C-4760-AC71-D6A12FD8340C}: NameServer = 85.255.113.146,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{4204E75D-BD14-4A16-BCDE-55152B2C6C07}: NameServer = 85.255.113.146,85.255.112.23
O17 - HKLM\System\CS2\Services\Tcpip\..\{4204E75D-BD14-4A16-BCDE-55152B2C6C07}: NameServer = 85.255.113.146,85.255.112.23

 

[Hyper_Kagome]

Checked, fixed, restarted, Hijackthis scanned again - repost:

Logfile of HijackThis v1.99.1
Scan saved at 10:52:54 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\kmligimdu\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\kmligimdu\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Kinstone1668
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120337925252
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

[cell4me]

You still have w32.Chod virus run a scan at symantec and see if it will delete it!

http://security.symantec.com/default.asp

Then run hijackthis again and fix this entry.

O4 - Startup: csrss.lnk = ?

Reboot and post new log.

 

[Hyper_Kagome]

Alrighty...

 

[cell4me]

Nevermind last advice here is symantecs removal instructions.

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

 

[Hyper_Kagome]

Must've been to early of a morning for me, and to late of a night right now... I'm not.. understanding them.. to well.

 

[cell4me]

You can try symantec online scanner and see if it will fix it for you and you can also try ewido http://www.ewido.net/en/ but if neither work the only way you are going to remove it is following those instructions (or reformat) Try ewido first but disable system restore first and run ewido in safe mode, then try symantec online scanner and post new hijackthis log and I will see if its gone.

 

[Hyper_Kagome]

Okay... it'll take awhile for me to.. figure out the disabling the system restore and entering safe mode...

 

[cell4me]

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
How to disable system restore ^

Enter safemode by holding down the f8 key when your computer is booting up and select safemode

 

[Hyper_Kagome]

Okay, thanks, seems easy enough for me to actually remember.