Not sure if it's a virus or a problem with my disk, but it does sound similar to some previous problems in the forum (no desktop, no start menu, explorer and iexplore wont load)
I can run programs via task mananger / run and cmd, etc, disk doe churn quite a bit.
I've run a chkdsk which found nothing.
Here's my Log file, would be most appreciated if the people in the know could have a look at it.
Thanks
Elliot
Logfile of HijackThis v1.98.2
Scan saved at 12:28:52, on 09/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
I:\WINNT\System32\smss.exe
I:\WINNT\system32\winlogon.exe
I:\WINNT\system32\services.exe
I:\WINNT\system32\lsass.exe
I:\WINNT\System32\termsrv.exe
I:\WINNT\system32\svchost.exe
I:\WINNT\system32\spoolsv.exe
I:\WINNT\System32\msdtc.exe
I:\Program Files\Network ICE\BlackICE\blackd.exe
I:\WINNT\System32\cisvc.exe
I:\PROGRA~1\DIRECT~1\DUService.exe
I:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
I:\WINNT\System32\svchost.exe
I:\WINNT\System32\llssrv.exe
i:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\mysql\bin\mysqld-nt.exe
I:\PROGRA~1\Navnt\navapsvc.exe
I:\PROGRA~1\Navnt\npssvc.exe
I:\WINNT\PMJ151LA.BIN
I:\WINNT\system32\regsvc.exe
I:\WINNT\system32\MSTask.exe
I:\WINNT\System32\snmp.exe
I:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
I:\WINNT\system32\stisvc.exe
I:\WINNT\System32\WBEM\WinMgmt.exe
I:\Program Files\ORL\VNC\WinVNC.exe
I:\WINNT\System32\mspmspsv.exe
I:\WINNT\system32\svchost.exe
I:\WINNT\system32\Dfssvc.exe
I:\WINNT\System32\inetsrv\inetinfo.exe
I:\WINNT\System32\mqsvc.exe
I:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
I:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
I:\WINNT\system32\svchost.exe
I:\WINNT\System32\svchost.exe
I:\PROGRA~1\Navnt\alertsvc.exe
I:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
I:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
I:\WINNT\System32\cidaemon.exe
I:\WINNT\System32\cidaemon.exe
I:\WINNT\system32\taskmgr.exe
I:\WINNT\system32\rundll32.exe
I:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
I:\WINNT\system32\cmd.exe
I:\virus\HijackThis19802.exe
I:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O1 - Hosts: 213.86.184.157 prelive.gamer.tv
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C0B4D50-E0B9-F120-BBD9-7D47BC106A0D} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - I:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\winnt\downloaded program files\googletoolbar1.dll
O2 - BHO: (no name) - {DDFA9CC1-788B-4C1C-A449-A6A1A1668FA8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - I:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\winnt\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] I:\PROGRA~1\ZipCD\directcd.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NPS Event Checker] I:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [Norton eMail Protect] I:\Program Files\Navnt\POProxy.exe
O4 - HKLM\..\Run: [DUControl] I:\PROGRA~1\DIRECT~1\DUControl.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] I:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [TkBellExe] I:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NeroCheck] I:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] I:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "I:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WinVNC] "I:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [BJCFD] I:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "I:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RoboForm] "I:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: DLHelperEXE.exe
O4 - Startup: OCRAWARE.lnk = I:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Scanner Detector.lnk = I:\Program Files\ScanSuite\SDetect.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = I:\Program Files\Network ICE\BlackICE\blackice.exe
O4 - Global Startup: BTTray.lnk = I:\Program Files\Widcomm\Bluetooth Software\BTTray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = I:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = I:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Phone Connection Monitor.lnk = I:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: Service Manager.lnk = I:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Document Tree - I:\WINNT\web\tree.htm
O8 - Extra context menu item: &Google Search - res://i:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://i:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://i:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://i:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://i:\winnt\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View Partial So&urce - I:\WINNT\web\source.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - I:\WINNT\web\tree.htm
O9 - Extra 'Tools' menuitem: &Document Tree - {438AFBA1-B0CB-11d2-9214-00104B3BCE5F} - I:\WINNT\web\tree.htm
O9 - Extra button: Look for Spybot-S&&D updates - {694C6F76-6553-6173-6B69-613445766572} - %windir%\web\spybotsd-updates.htm (file missing)
O9 - Extra 'Tools' menuitem: Look for Spybot-S&&D updates - {694C6F76-6553-6173-6B69-613445766572} - %windir%\web\spybotsd-updates.htm (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://I:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - I:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/bty/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/24031ca91b3d10961e17/netzip/RdxIE.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - http://moneymanager.egg.com/activex/accounttracking.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.ea.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/navclient/data/deleon/1.1.43-deleon/GoogleNav.cab
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.homeusersoftware.com/diskhealth.cab
O16 - DPF: {7380B862-BA18-4529-8972-C66B82AA5D1D} (AccountTracking Class) - http://moneymanager.egg.com/customer/accounttracking.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - http://transfers.one.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
O16 - DPF: {B71A4857-57D1-11D2-821F-000086075197} (Mabry InternetFTP/X COM Object) - http://os2000b.now.com/download/FtpX.DLL
O16 - DPF: {B71A485A-57D1-11D2-821F-000086075197} (Mabry Internet FTP/X Control) - http://icf.gamer.tv/download/FtpX.ocx
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://rms.twii.net/Viewers/ActiveXViewer/ActiveXViewer.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://captainhook.microgaming.com/captainhook/FlashAX.cab
O16 - DPF: {EB587E81-5B71-45C2-90EA-DD77637E0C3D} (ocxMenu.ocxMenuUserControl) - http://icf.gamer.tv/download/ocxMenu.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - i:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll