
OK, I don't know how it started, but it just did, as most things do.

When I boot up the PC, explorer.exe is there, but after a few seconds it disappears, then comes back, then goes. It does this continually. I had to end the explorer.exe process for it to stop. As far as I know, everything else works: IE, Firefox, Xfire, MSN, the lot. I've run two antivirus programs (Avast and AVG), one online virus scanner (Trend Micro), Ad-Aware, Spybot S&D, and every other little one I could find, but still to no avail. I wanted to try to use System Restore, but that decided that it doesn't want to work. That I can fix, but it would mean getting rid of all previous restore points. I just need to fix the explorer.exe problem.

Here's an HJT log. Thanks in advance for any help!

Logfile of HijackThis v1.99.1
Scan saved at 23:00:56, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Applications\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Applications\Mozilla Firefox\firefox.exe
G:\Program Files\Applications\LimeWire\LimeWire.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\hijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\cbxwvtu.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\owpkhdgg.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Raven-\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxwvtu - C:\WINDOWS\SYSTEM32\cbxwvtu.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
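The log above shows the pattern a HijackThis reader looks for first: random-named DLLs in system32 registered as unnamed BHOs (the O2 lines for tjffrcyb.dll, vtsqr.dll, cbxwvtu.dll, owpkhdgg.dll), two of which are also registered as Winlogon Notify packages (O20), plus an O4 Run entry loading another such DLL through rundll32. The script below is an added example, not the poster's code or part of HijackThis; it parses O2, O4 and O20 lines and correlates them. The sample lines are copied from the log above, and the "random-looking filename" test (5 to 8 lowercase letters with a run of four non-vowels) is an assumed heuristic, reported separately from the registration-based evidence.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines from the first HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\cbxwvtu.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\owpkhdgg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O20 - Winlogon Notify: cbxwvtu - C:\WINDOWS\SYSTEM32\cbxwvtu.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
MISSING = "(file missing)"


def clean_path(raw):
    """Return (path, missing_flag), stripping HJT's '(file missing)' marker."""
    raw = raw.strip()
    missing = raw.endswith(MISSING)
    if missing:
        raw = raw[: -len(MISSING)].strip()
    return raw, missing


def stem_of(path):
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def in_system32(path_lower):
    return "\\system32\\" in path_lower


def looks_random(stem):
    """Assumed heuristic: 5-8 lowercase letters with a run of 4+ non-vowels (tjffrcyb, vtsqr, ...)."""
    return bool(re.fullmatch(r"[a-z]{5,8}", stem)) and re.search(r"[^aeiou]{4}", stem) is not None


def triage(log_text):
    """Map each flagged DLL (lower-cased path) to the list of reasons it was flagged."""
    evidence = defaultdict(list)
    bho, notify = {}, {}  # lower-cased path -> original-case path
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            name, _clsid, raw = m.groups()
            path, missing = clean_path(raw)
            key = path.lower()
            bho[key] = path
            if missing:
                evidence[key].append("O2: BHO registration whose DLL is missing (orphan)")
            elif name == "(no name)" and in_system32(key):
                evidence[key].append("O2: unnamed BHO loaded from system32")
            continue
        m = O20_RE.match(line)
        if m:
            _pkg, raw = m.groups()
            path, missing = clean_path(raw)
            key = path.lower()
            notify[key] = path
            if missing:
                evidence[key].append("O20: Winlogon Notify package whose DLL is missing (orphan)")
            continue
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            d = RUNDLL_RE.search(cmd)
            if d:
                path, _ = clean_path(d.group(1))
                key = path.lower()
                if in_system32(key) and looks_random(stem_of(path)):
                    evidence[key].append(f"O4: {hive} Run [{name}] loads a random-named system32 DLL via rundll32")
    # The Vundo-style signature seen in the log: one DLL hooked as both BHO and Winlogon Notify.
    for key in bho.keys() & notify.keys():
        evidence[key].append("O2+O20: same DLL registered as a BHO and as a Winlogon Notify package")
    # Supporting signal only: the filename itself looks machine-generated.
    for key, path in {**bho, **notify}.items():
        if in_system32(key) and looks_random(stem_of(path)):
            evidence[key].append("name: random-looking filename")
    return dict(evidence)


def suspects(log_text):
    """Paths with at least one registration-based reason, most evidence first."""
    ev = triage(log_text)
    strong = {k: v for k, v in ev.items() if any(not r.startswith("name:") for r in v)}
    return sorted(strong, key=lambda k: (-len(strong[k]), k))


if __name__ == "__main__":
    ev = triage(SAMPLE_HJT)
    for path in suspects(SAMPLE_HJT):
        print(path)
        for reason in ev[path]:
            print("   ", reason)
```

Run against a whole log it ranks the four unnamed system32 BHOs and the InfoData rundll32 entry at the top, with the orphaned winclk32 Winlogon Notify entry listed for follow-up rather than as a confirmed hit. Note that the second log in this thread, taken after VundoFix, shows why the orphan check matters: the DLLs are gone but their O2 registrations remain as "(file missing)".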


I was looking round other forums and found that some posts suggested running VundoFix for other problems. I thought I'd give it a shot, and guess what, it worked. The explorer problem is now gone.

But if you do look over my HJT log and find something wrong, please let me know!

Here's an updated HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:32:46, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Applications\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\Xfire.exe
G:\Program Files\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\hijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\cbxwvtu.dll (file missing)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Raven-\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


I'm not sure we should encourage self-help... tsk... we'll be out of business. Nice work :). Now get ComboFix and run it as well:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log; post that log in your next reply.
A word of caution: do not touch your mouse or keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted it may leave your desktop disabled. If this occurs, please reboot to restore the desktop.


OK, here it is. Sorry it took a while; I read the post, got the program, then completely forgot about it :P

"raven3961" - 07-05-02 11:19:44 Service Pack 2
ComboFix 07-04-28.V - Running from: "Area 51? =P"

/wow section not completed

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\osbvsbti.dll
C:\WINDOWS\system32\tjffrcyb.dll
C:\WINDOWS\system32\tqkmfytk.dll
C:\WINDOWS\system32\xoxefjxh.dll
C:\WINDOWS\system32\ylrtaaee.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\14_43260.dll
C:\WINDOWS\system32\28_83260.dll
C:\Program Files\msmovies\p.zip
C:\Program Files\winupdates\a.zip
C:\WINDOWS\system32\nvs2.inf
C:\Program Files\msmovies
C:\Program Files\winupdates
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\nvzrbgi_navps.dat
C:\WINDOWS\system32\nvzrbgi.exe
C:\WINDOWS\system32\nvzrbgi.dat


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\sfsync02


((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))


2007-05-02 11:24 0 --a------ C:\WINDOWS\SYSTEM32\sfsync02.dll
2007-04-30 23:16 <DIR> d-------- C:\VundoFix Backups
2007-04-30 22:56 284,244 ---hs---- C:\WINDOWS\SYSTEM32\vtsqo.dll
2007-04-30 22:45 <DIR> d-------- C:\Program Files\CCleaner
2007-04-26 21:54 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-04-26 16:39 939,829 ---hs---- C:\WINDOWS\SYSTEM32\qqstv.ini2
2007-04-25 05:32 <DIR> d-------- C:\Program Files\MDM
2007-04-25 05:25 581,632 --a------ C:\kjhgc.exe
2007-04-25 05:08 <DIR> d-------- C:\Install
2007-04-25 05:05 256 ---hs---- C:\SYSJR22.SYS
2007-04-25 05:03 <DIR> d-------- C:\New Folder (2)
2007-04-25 04:58 29,184 --a------ C:\WINDOWS\SYSTEM32\jesterrun.dll
2007-04-25 04:55 <DIR> d-------- C:\Program Files\FlashJester
2007-04-25 04:40 1,236,540 --a------ C:\Interface.exe
2007-04-25 04:37 <DIR> d-------- C:\Program Files\Screenweaver 3 OS
2007-04-25 04:33 86,016 --a------ C:\ncstart.exe
2007-04-25 04:33 1,731,960 --a------ C:\ChatRoom.exe
2007-04-25 04:25 <DIR> d-------- C:\Program Files\Goldshell
2007-04-25 04:19 21,504 --a------ C:\WINDOWS\jestertb.dll
2007-04-25 03:41 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\Axialis
2007-04-23 02:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-04-22 19:10 57,344 --a------ C:\WINDOWS\SYSTEM32\WNASPINT.DLL
2007-04-22 12:18 262,144 --a------ C:\WINDOWS\SYSTEM32\default_user_class.dat
2007-04-22 00:28 <DIR> d-------- C:\Program Files\Dance eJay 2.0 Demo
2007-04-22 00:27 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\GetRightToGo
2007-04-21 22:10 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\Ahead
2007-04-21 22:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
2007-04-21 22:00 <DIR> d-------- C:\New Folder
2007-04-20 18:08 <DIR> d-------- C:\Program Files\The Creative Assembly
2007-04-20 10:51 248,988 --a------ C:\WINDOWS\SYSTEM32\nvzrbgi_nav.dat
2007-04-13 08:13 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-10 19:22 796,672 --a------ C:\WINDOWS\GPInstall.exe
2007-04-10 15:10 111,227 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dump_wmimmc.sys
2007-04-07 10:55 <DIR> d-------- C:\Program Files\HHVcdV7Sys
2007-04-06 03:00 <DIR> d-------- C:\WINDOWS\PixArt
2007-04-06 03:00 <DIR> d-------- C:\Program Files\PC Camera
2007-04-06 03:00 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-04-04 23:48 53,248 --a------ C:\WINDOWS\SYSTEM32\PAStiSvc.exe
2007-04-03 05:19 <DIR> d-------- C:\Program Files\MsoSetup
2007-04-02 11:21 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\Caphyon
2007-04-02 11:20 <DIR> d-------- C:\Program Files\Caphyon


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-02 11:19 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\azureus
2007-05-02 11:15 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\xfire
2007-04-30 23:57 -------- d---s---- C:\Program Files\xfire
2007-04-30 22:22 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\limewire
2007-04-27 23:17 -------- d-------- C:\Program Files\gamespy arcade
2007-04-25 05:13 -------- d--h----- C:\Program Files\installshield installation information
2007-04-22 00:28 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\getrighttogo
2007-04-21 22:01 -------- d-------- C:\Program Files\sony setup
2007-04-21 20:57 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-04-21 20:50 -------- d-------- C:\Program Files\ahead
2007-04-20 18:35 286720 --a------ C:\WINDOWS\iun506.exe
2007-04-18 17:16 733824 --a------ C:\WINDOWS\SYSTEM32\aswboot.exe
2007-04-18 17:12 94552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-04-18 17:12 85952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-04-18 17:10 23416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-04-18 17:09 43176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-04-18 17:07 26888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-04-18 17:06 90112 --a------ C:\WINDOWS\SYSTEM32\avastss.scr
2007-04-13 11:04 5071 --a------ C:\WINDOWS\mozver.dat
2007-04-12 21:41 4212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-04-11 16:52 -------- d-------- C:\Program Files\yahoo!
2007-04-10 10:40 -------- d-------- C:\Program Files\steam
2007-04-10 06:52 -------- d-------- C:\Program Files\xfire plus
2007-04-10 06:51 -------- d-------- C:\Program Files\winmx
2007-04-10 06:51 -------- d-------- C:\Program Files\voicemaskpro
2007-04-10 06:51 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-04-10 06:48 -------- d-------- C:\Program Files\shareaza
2007-04-10 06:30 -------- d-------- C:\Program Files\tortuga - pirates of the new world
2007-04-10 06:30 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\coreftp
2007-04-06 03:46 -------- d-------- C:\Program Files\smartftp client 2.0
2007-04-02 11:21 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\caphyon
2007-04-01 04:00 -------- d-------- C:\Program Files\bearshare applications
2007-04-01 03:16 -------- d-------- C:\Program Files\microsoft games
2007-03-29 01:26 -------- d-------- C:\Program Files\samp keybinds
2007-03-26 13:45 -------- d-------- C:\Program Files\azureus ultra accelerator
2007-03-26 13:45 -------- d-------- C:\Program Files\azureus speedup pro
2007-03-26 13:44 -------- d-------- C:\Program Files\webteh
2007-03-26 13:44 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\bsplayer
2007-03-26 01:05 646392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-03-21 20:56 -------- d-------- C:\Program Files\rockstar games
2007-03-21 20:37 98304 --a------ C:\WINDOWS\SYSTEM32\cmdlineext.dll
2007-03-21 13:36 -------- d-------- C:\Program Files\nvidia corporation
2007-03-21 13:36 -------- d-------- C:\Program Files\Common Files\nvidia shared
2007-03-20 19:43 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\xfire plus
2007-03-20 19:38 -------- d-------- C:\Program Files\teamspeak2_rc2
2007-03-18 09:34 -------- d-------- C:\Program Files\msn messenger
2007-03-18 09:34 -------- d-------- C:\Program Files\messenger plus! live
2007-03-18 09:34 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\screenshot sender
2007-03-17 14:53 61 --a------ C:\WINDOWS\SYSTEM32\sysvcpdrv.sys
2007-03-17 14:50 -------- d-------- C:\Program Files\blaze audio
2007-03-17 14:43 292864 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2007-03-17 12:50 28 --a------ C:\WINDOWS\SYSTEM32\srss.dat
2007-03-16 12:15 -------- d-------- C:\Program Files\ventsrv
2007-03-16 04:01 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\screaming bee
2007-03-16 03:57 -------- d-------- C:\Program Files\screaming bee
2007-03-16 01:47 73216 --a------ C:\WINDOWS\st6unst.exe
2007-03-16 01:47 286720 --------- C:\WINDOWS\setup1.exe
2007-03-14 19:27 972336 --a------ C:\WINDOWS\unrecode.exe
2007-03-14 19:20 133168 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\imagesrv.sys
2007-03-14 19:20 11568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\imagedrv.sys
2007-03-14 19:19 972336 --a------ C:\WINDOWS\unnerobackitup.exe
2007-03-14 19:19 95864 --a------ C:\WINDOWS\SYSTEM32\neroco.dll
2007-03-12 13:51 972336 --a------ C:\WINDOWS\unneromediahome.exe
2007-03-11 12:03 -------- d-------- C:\Program Files\aaresoft
2007-03-11 11:53 -------- d-------- C:\Program Files\avex
2007-03-10 07:15 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\motive
2007-03-10 05:53 34816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV5C.sys
2007-03-09 04:07 -------- dr-h----- C:\DOCUME~1\-Raven-\APPLIC~1\yahoo!
2007-03-08 20:20 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\coolisoseek
2007-03-08 19:25 -------- d-------- C:\Program Files\bt home hub
2007-03-08 19:25 -------- d-------- C:\Program Files\bt broadband talk softphone
2007-03-08 19:19 -------- d-------- C:\Program Files\Common Files\motive
2007-03-08 19:19 -------- d-------- C:\Program Files\btbb_wcm
2007-03-08 16:36 577536 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-03-08 16:00 -------- d-------- C:\Program Files\coolisoseek
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\SYSTEM32\win32k.sys
2007-03-05 13:55 -------- d-------- C:\Program Files\microsoft application compatibility toolkit 5
2007-03-05 01:10 147138 --a------ C:\DOCUME~1\-Raven-\APPLIC~1\cosmos prefs
2007-02-28 20:53 972336 --a------ C:\WINDOWS\unnerovision.exe
2007-02-28 15:41 972336 --a------ C:\WINDOWS\unneroshowtime.exe
2007-02-24 06:39 2318976 --a------ C:\WINDOWS\SYSTEM32\tukernel.exe
2007-02-20 13:31 2673 --a------ C:\WINDOWS\SYSTEM32\sdbackup.reg
2007-02-19 20:02 288 --a------ C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000001-00000000-00000009-00001102-00000002-80611102}.dat
2007-02-19 20:02 288 --a------ C:\WINDOWS\SYSTEM32\dvcstate-{00000001-00000000-00000009-00001102-00000002-80611102}.dat
2007-02-14 01:49 2348 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-02-13 22:27 22016 --a------ C:\WINDOWS\SYSTEM32\partizan.exe
2007-02-05 21:17 185344 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2007-02-02 00:22 58880 --a------ C:\WINDOWS\SYSTEM32\vgzcepj.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"="C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"avast!"="G:\\PROGRA~1\\APPLIC~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"GSICONEXE"="gsicon.exe"
"DSLAGENTEXE"="dslagent.exe"
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=dword:00000001
"StartMenuLogOff"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{e57ce738-33e8-4c51-8354-bb4de9d215d1}"="C:\WINDOWS\system32\upnpui.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winclk32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"eyeBeam SIP Client"="\"C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"VC7Player"="C:\\Program Files\\HHVcdV7Sys\\VC7Play.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~1.DLL,ClientStartup -s"
"TQ566808"="\"D:\\Setup.exe\""
"EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P26 \"EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""
"\\\\Office\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P35 \"\\\\Office\\EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Computer Alarm Clock"="C:\\Program Files\\Computer Alarm Clock\\cac.exe"
"LWBMOUSE"="C:\\Program Files\\PERFECT SERIES\\Optical MOUSE\\4.0\\MOUSE32A.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTHelper"="CTHELPER.EXE"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"atwtusb"="atwtusb.exe beta"
"Motive SmartBridge"="C:\\PROGRA~1\\BTHOME~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"StartBitsReadmeBias"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Interatomstartbits\\File Mags.exe"
"btbb_wcm_McciTrayApp"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe"
"XFP: Multi-IM"="\"C:\\Program Files\\Xfire Plus\\Multi-IM\\MultiIM.exe\""
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^-Raven-^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\-Raven-\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^-Raven-^Start Menu^Programs^Startup^MetaCafe.lnk]
"path"="C:\\Documents and Settings\\-Raven-\\Start Menu\\Programs\\Startup\\MetaCafe.lnk"
"backup"="C:\\WINDOWS\\pss\\MetaCafe.lnkStartup"
"location"="Startup"
"command"="G:\\PROGRA~1\\Metacafe\\METACA~1.EXE /startup"
"item"="MetaCafe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="G:\\PROGRA~1\\APPLIC~1\\ACROBA~1\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\BT Broadband Desktop Help.lnk"
"backup"="C:\\WINDOWS\\pss\\BT Broadband Desktop Help.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BTHOME~1\\Help\\bin\\matcli.exe -boot"
"item"="BT Broadband Desktop Help"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MetaCafe.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\MetaCafe.lnk"
"backup"="C:\\WINDOWS\\pss\\MetaCafe.lnkCommon Startup"
"location"="Common Startup"
"command"="G:\\PROGRA~1\\Metacafe\\METACA~1.EXE /startup"
"item"="MetaCafe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslagent"
"hkey"="HKLM"
"command"="dslagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ClientGW"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\eSnips\\ClientGW.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Program Files\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zango"
"hkey"="HKLM"
"command"="\"c:\\program files\\zango\\zango.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Zboard"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"G:\\Program Files\\Applications\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-02 11:29:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-02 11:31:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-02 11:31


Enjoy

0

Please rename hijackthis.exe to imabunny.exe, start it, do a Scan only and place checkmarks against the following for fixing, and press Fix Checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Raven-\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)

Post a new HijackThis log. While I enjoy scanning your combofix log. Cynical swine.
-actually, these are my "crossword puzzles"

-could I see your old vundofix log also, please... combofix shows some files as once being there.. I cannot tell if they are still there without your log.
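One way to automate the kind of triage done in the fix list above, as an added example (this is not code from the thread, from HijackThis or from the helper): a short Python script that reads HijackThis lines and flags the patterns singled out above, namely entries whose file no longer exists, BHOs registered with no name, autoruns that use rundll32 to load a DLL, and random-looking module names in system32. The consonant-run heuristic for "random-looking" is my own assumption, and the sample lines are constructed from the logs in this thread plus two benign entries for contrast; hits are leads for a person to check, not verdicts.

```python
import re
from typing import Dict, List

# Constructed sample: HijackThis lines taken from this thread, plus two benign
# entries (the Java SSVHelper BHO and the avast! autorun) to show what is not flagged.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SECTION_RE = re.compile(r"([RFNO]\d+) - ")
# Basename of any .dll/.exe mentioned on the line (text after the last backslash).
MODULE_RE = re.compile(r'[^\\\s"]+\.(?:dll|exe)', re.IGNORECASE)
# Heuristic (assumption of this example): four or more consonants in a row.
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4,}")


def random_looking(module: str) -> bool:
    """True for all-lowercase, letters-only names with a long consonant run,
    the shape of the Vundo-style names in this thread (tjffrcyb, xsapvtde, vtsqr)."""
    stem = module.rsplit(".", 1)[0]
    return stem.islower() and stem.isalpha() and bool(CONSONANT_RUN.search(stem))


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per HijackThis line that trips at least one rule."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header lines, running-process list, blanks
        section = m.group(1)
        reasons: List[str] = []

        # Orphaned entries: the registry still points at a file that is gone.
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("orphaned entry: referenced file no longer exists")

        # Legitimate BHOs almost always register a display name.
        if section == "O2" and "(no name)" in line:
            reasons.append("BHO registered without a name")

        # Random-looking module names anywhere on the line.
        for module in MODULE_RE.findall(line):
            if random_looking(module):
                reasons.append(f"random-looking module name {module}")

        # Autorun that loads a DLL through rundll32 rather than running a program.
        if section == "O4" and "rundll32" in line.lower():
            reasons.append("autorun entry uses rundll32 to load a DLL")

        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["line"])
        for r in f["reasons"]:
            print("   -", r)
```

Feed it the text of a saved HijackThis log instead of SAMPLE_LOG to get the same report for a real scan; the benign Java and avast! lines in the sample show the heuristic leaving normal mixed-case or short names alone, while the orphaned Winlogon Notify entry is caught by the file-missing rule even though its name contains digits.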

0

..and do a search for this file, pls [it is referenced in reg..]
winclk32.dll - I suspect it is/was in system32 - if you find it give me the path.

0

Okey dokey, I did the HJT thing, renamed the exe, ran it, did a scan, removed what you said to, then rescanned and got a log; here it is:

Logfile of HijackThis v1.99.1
Scan saved at 20:30:07, on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Applications\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Xfire\Xfire.exe
G:\Program Files\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\hijackThis\imabunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Here is the old VundoFix log file (I think... it was called vundofix.txt, so I assume it is it):


VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 00:55:21 14/02/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 23:16:46 30/04/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\bdgadbid.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\ddahmhcv.dll
C:\WINDOWS\SYSTEM32\edtvpasx.ini
C:\WINDOWS\SYSTEM32\edtvpasx.ini2
C:\WINDOWS\SYSTEM32\edtvpasx.tmp
C:\WINDOWS\SYSTEM32\elqxpjaq.dll
C:\WINDOWS\system32\hnrejsyj.dll
C:\WINDOWS\SYSTEM32\iifdeca.dll
C:\WINDOWS\SYSTEM32\jagfomsp.dll
C:\WINDOWS\SYSTEM32\kkrtqhws.dll
C:\WINDOWS\SYSTEM32\kopphxfj.dll
C:\WINDOWS\SYSTEM32\lckepqmm.dll
C:\WINDOWS\SYSTEM32\lhthabkp.dll
C:\WINDOWS\SYSTEM32\njacadui.dll
C:\WINDOWS\SYSTEM32\owpkhdgg.dll
C:\WINDOWS\SYSTEM32\qnfmabwq.dll
C:\WINDOWS\SYSTEM32\rhltqnal.dll
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\SYSTEM32\teummyhu.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\SYSTEM32\wjtpflmh.dll
C:\WINDOWS\SYSTEM32\xsapvtde.dll
C:\WINDOWS\SYSTEM32\ykxwednd.dll
C:\WINDOWS\SYSTEM32\yohnkbbo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\bdgadbid.dll
C:\WINDOWS\SYSTEM32\bdgadbid.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ddahmhcv.dll
C:\WINDOWS\SYSTEM32\ddahmhcv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini
C:\WINDOWS\SYSTEM32\edtvpasx.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini2
C:\WINDOWS\SYSTEM32\edtvpasx.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.tmp
C:\WINDOWS\SYSTEM32\edtvpasx.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\elqxpjaq.dll
C:\WINDOWS\SYSTEM32\elqxpjaq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifdeca.dll
C:\WINDOWS\SYSTEM32\iifdeca.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jagfomsp.dll
C:\WINDOWS\SYSTEM32\jagfomsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\kkrtqhws.dll
C:\WINDOWS\SYSTEM32\kkrtqhws.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\kopphxfj.dll
C:\WINDOWS\SYSTEM32\kopphxfj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lckepqmm.dll
C:\WINDOWS\SYSTEM32\lckepqmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lhthabkp.dll
C:\WINDOWS\SYSTEM32\lhthabkp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\njacadui.dll
C:\WINDOWS\SYSTEM32\njacadui.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\owpkhdgg.dll
C:\WINDOWS\SYSTEM32\owpkhdgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qnfmabwq.dll
C:\WINDOWS\SYSTEM32\qnfmabwq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rhltqnal.dll
C:\WINDOWS\SYSTEM32\rhltqnal.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\teummyhu.dll
C:\WINDOWS\SYSTEM32\teummyhu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wjtpflmh.dll
C:\WINDOWS\SYSTEM32\wjtpflmh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xsapvtde.dll
C:\WINDOWS\SYSTEM32\xsapvtde.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ykxwednd.dll
C:\WINDOWS\SYSTEM32\ykxwednd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yohnkbbo.dll
C:\WINDOWS\SYSTEM32\yohnkbbo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Has been deleted!

Performing Repairs to the registry.
Done!


And as for the file you wanted, I did a whole search on the computer; it isn't there. I dunno whether that's a good thing or not =P

0

Copy to notepad and save the lines between the stars as a file named wclkrem.reg to your desktop or C:\. Dclick it and answer Yes to merge it with your registry [it removes an entry to a malware file].
***********************************************
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winclk32]

***********************************************
Okay then.. moving on.... A point to make - I have included in the block of files to delete with Avenger one called partizan.exe: I can say that it is very doubtful..., but if you wish delete it from that list and instead go in to system32 and rename it to partizan.xbak [the x tells you it is an exe, right? if you need it back for a legit pgm..]

I don't know if you still have Vundofix [yours was the latest...] so here is the addy anyway.
[Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4 ]
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
*****When the scan completes rclick inside the white text box, lclick the Addmore files? line, paste into the new window these two pathnames [one per line]:

C:\WINDOWS\SYSTEM32\vtsqo.dll
C:\WINNT\system32\oqstv.*

Click the Add Files button, and next the Remove Vundo button.*****

You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

You must be in an Administrator-privileged account to run this procedure...
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
-unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box this line:-

Files to delete:
C:\WINDOWS\SYSTEM32\vtsqo.dll
C:\WINDOWS\SYSTEM32\qqstv.ini2
C:\kjhgc.exe
C:\WINDOWS\SYSTEM32\nvzrbgi_nav.dat
C:\WINDOWS\SYSTEM32\avastss.scr
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\SYSTEM32\partizan.exe
C:\WINDOWS\SYSTEM32\vgzcepj.dll

...and click Done, and finally the green light.
Follow prompts to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

Please post that log file plus the contents of C:\vundofix.txt plus a new HijackThis log.

0

Ok, here are the logs, but in terms of deleting Partizan, I left it alone because it is my rootkit killer. The program as it comes up on startup is called: Regrun Partizan Rootkit Killer by Greatis Software. I used it when I had a rootkit problem, and kept it ever since with no further infections.

I followed your instructions, and I think it went off without a hitch, but you can be the judge of that with your godly patience and logfile reading skills. Once again, thank you for your time with helping me; it's been a great help, and I really do appreciate it.

(Log file titles are in bold font for easier reading =)

Avenger log file:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gbbtmcuq

*******************

Script file located at: \??\C:\Program Files\jireyoba.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\vtsqo.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\vtsqo.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\vtsqo.dll
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\qqstv.ini2 deleted successfully.
File C:\kjhgc.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\nvzrbgi_nav.dat deleted successfully.
File C:\WINDOWS\SYSTEM32\avastss.scr deleted successfully.
File C:\WINDOWS\SYSTEM32\tmp.reg deleted successfully.
File C:\WINDOWS\SYSTEM32\vgzcepj.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Vundofix Log File:


VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 00:55:21 14/02/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 23:16:46 30/04/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\bdgadbid.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\ddahmhcv.dll
C:\WINDOWS\SYSTEM32\edtvpasx.ini
C:\WINDOWS\SYSTEM32\edtvpasx.ini2
C:\WINDOWS\SYSTEM32\edtvpasx.tmp
C:\WINDOWS\SYSTEM32\elqxpjaq.dll
C:\WINDOWS\system32\hnrejsyj.dll
C:\WINDOWS\SYSTEM32\iifdeca.dll
C:\WINDOWS\SYSTEM32\jagfomsp.dll
C:\WINDOWS\SYSTEM32\kkrtqhws.dll
C:\WINDOWS\SYSTEM32\kopphxfj.dll
C:\WINDOWS\SYSTEM32\lckepqmm.dll
C:\WINDOWS\SYSTEM32\lhthabkp.dll
C:\WINDOWS\SYSTEM32\njacadui.dll
C:\WINDOWS\SYSTEM32\owpkhdgg.dll
C:\WINDOWS\SYSTEM32\qnfmabwq.dll
C:\WINDOWS\SYSTEM32\rhltqnal.dll
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\SYSTEM32\teummyhu.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\SYSTEM32\wjtpflmh.dll
C:\WINDOWS\SYSTEM32\xsapvtde.dll
C:\WINDOWS\SYSTEM32\ykxwednd.dll
C:\WINDOWS\SYSTEM32\yohnkbbo.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\bdgadbid.dll
C:\WINDOWS\SYSTEM32\bdgadbid.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ddahmhcv.dll
C:\WINDOWS\SYSTEM32\ddahmhcv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini
C:\WINDOWS\SYSTEM32\edtvpasx.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini2
C:\WINDOWS\SYSTEM32\edtvpasx.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.tmp
C:\WINDOWS\SYSTEM32\edtvpasx.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\elqxpjaq.dll
C:\WINDOWS\SYSTEM32\elqxpjaq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifdeca.dll
C:\WINDOWS\SYSTEM32\iifdeca.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jagfomsp.dll
C:\WINDOWS\SYSTEM32\jagfomsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\kkrtqhws.dll
C:\WINDOWS\SYSTEM32\kkrtqhws.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\kopphxfj.dll
C:\WINDOWS\SYSTEM32\kopphxfj.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lckepqmm.dll
C:\WINDOWS\SYSTEM32\lckepqmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lhthabkp.dll
C:\WINDOWS\SYSTEM32\lhthabkp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\njacadui.dll
C:\WINDOWS\SYSTEM32\njacadui.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\owpkhdgg.dll
C:\WINDOWS\SYSTEM32\owpkhdgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qnfmabwq.dll
C:\WINDOWS\SYSTEM32\qnfmabwq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rhltqnal.dll
C:\WINDOWS\SYSTEM32\rhltqnal.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\teummyhu.dll
C:\WINDOWS\SYSTEM32\teummyhu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wjtpflmh.dll
C:\WINDOWS\SYSTEM32\wjtpflmh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xsapvtde.dll
C:\WINDOWS\SYSTEM32\xsapvtde.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ykxwednd.dll
C:\WINDOWS\SYSTEM32\ykxwednd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yohnkbbo.dll
C:\WINDOWS\SYSTEM32\yohnkbbo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 11:57:37 03/05/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\vtsqo.dll
C:\WINDOWS\SYSTEM32\vtsqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

New HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:07, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Applications\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Applications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackThis\imabunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
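
The VundoFix log above shows the sequence a helper checks by eye: a file that "Could not be deleted" in the first pass, a post-reboot pass that deletes it, and a later scan that finds nothing. As an added example that is not code from this thread or from VundoFix itself, the Python script below parses a VundoFix log into runs and answers the two questions worth asking after a cleanup: did every deletion eventually succeed, and did any file a previous run deleted reappear in a later scan (the "files were replaced" symptom reported later in the thread). The sample input is an excerpt of the log above with most entries trimmed, plus one constructed third run, dated 05/05/2007, in which a deleted DLL is found again; that run did not happen and exists only so the check has something to report.

```python
import re
from datetime import datetime
from typing import List, Optional, Set, Tuple

# Excerpt of the VundoFix log posted above (30/04/2007 and 03/05/2007 runs, most
# file entries trimmed) plus a CONSTRUCTED third run dated 05/05/2007 in which a
# previously deleted DLL is found again, so the re-infection check has a hit.
SAMPLE_VUNDOFIX = r"""
VundoFix V6.3.21
Scan started at 23:16:46 30/04/2007
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\system32\vtsqr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.21
Scan started at 11:57:37 03/05/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.21
Scan started at 09:00:00 05/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\vtsqr.dll
"""

HEADER_RE = re.compile(r"^VundoFix V(\S+)$")
SCAN_RE = re.compile(r"^Scan started at (\d\d:\d\d:\d\d \d\d/\d\d/\d{4})$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<verdict>Has been deleted!|Could not be deleted\.)$")

class Run:
    """One 'VundoFix Vx.y.z' block: what the scan listed and how deletion went."""
    def __init__(self, version: str):
        self.version = version
        self.started: Optional[datetime] = None
        self.found: List[str] = []      # lower-cased paths listed by the scan
        self.deleted: Set[str] = set()  # reported 'Has been deleted!'
        self.failed: Set[str] = set()   # 'Could not be deleted.' with no later success

def parse_vundofix(text: str) -> List[Run]:
    runs: List[Run] = []
    listing = False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            runs.append(Run(m.group(1)))
            listing = False
            continue
        if not runs:
            continue
        run = runs[-1]
        m = SCAN_RE.match(line)
        if m:
            run.started = datetime.strptime(m.group(1), "%H:%M:%S %d/%m/%Y")
            continue
        if line.startswith("Listing files found"):
            listing = True
            continue
        if line.startswith(("Beginning removal", "No infected files")):
            listing = False
            continue
        m = RESULT_RE.match(line)
        if m:
            path = m.group("path").lower()
            if m.group("verdict").startswith("Has been"):
                run.deleted.add(path)
                run.failed.discard(path)   # a post-reboot pass succeeded
            else:
                run.failed.add(path)
            continue
        if listing and DRIVE_RE.match(line):
            run.found.append(line.lower())
    return runs

def unresolved(runs: List[Run]) -> List[str]:
    """Files VundoFix could not delete in any pass of any run."""
    failed = {p for r in runs for p in r.failed}
    deleted = {p for r in runs for p in r.deleted}
    return sorted(failed - deleted)

def reinfected(runs: List[Run]) -> List[Tuple[datetime, str]]:
    """Files a scan listed again after an earlier run had reported them deleted."""
    seen_deleted: Set[str] = set()
    hits: List[Tuple[datetime, str]] = []
    for r in sorted(runs, key=lambda r: r.started or datetime.min):
        hits += [(r.started, p) for p in r.found if p in seen_deleted]
        seen_deleted |= r.deleted
    return hits

if __name__ == "__main__":
    runs = parse_vundofix(SAMPLE_VUNDOFIX)
    print("unresolved:", unresolved(runs))
    print("reinfected:", reinfected(runs))
```

On the real log above the answer is "nothing unresolved, nothing back", which matches the helper's reading. A hit from `reinfected` means a loader still on the machine is re-dropping the DLL, and the next step is the registry entries that load it rather than deleting the file again. The Avenger log's `Status: 0xc0000034` is the NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND: the file was already gone when Avenger ran, not locked; a sharing violation (0xC0000043) or access denied (0xC0000022) would be the case that needs a reboot-time deletion.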

0

Thank you very much for the detailed feedback; about the best I've received [some folks you have to pick up and shake to get responses...]. I don't see any problems left; the fixes seem to have gone smoothly, so if you are happy, delete the Avenger backup folder, the vundo text and the tools... no sense keeping what will be out of date in a month or so.
Thanks for the info on Partizan.
How's the sys working now?
Remember to update Java from the Control Panel entry; then use Add/Remove Programs to delete all old versions.

0

I gotta say, the PC is running much, much smoother now. Thank you ever so much; kudos on the response times and helpfulness, I really appreciate it. If I get any other troubles, I'm asking here, no questions asked. =D
Now I gotta figure out why my PC won't start up with the CD drive plugged in =P

Thanks again

Raven

0

Hi,
I've been experiencing the same problem and have run the HijackThis and VundoFix programs mentioned previously.
In the past (well, yesterday) I logged in and explorer.exe never restarted (it had restarted before, but I reset the PC).
After using VundoFix, some files were deleted, and then when I next logged on, I presume the files were replaced, as in about 3 mins my explorer.exe had closed again.

After running VundoFix, I used HijackThis and the following log was created:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:40:16, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PS3Portal\hfs.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\William(2)\Desktop\imabunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.karoo.co.uk/searchpage.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.karoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.karoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {96461F4E-EC90-4B85-8883-C44826553FDC} - C:\WINDOWS\system32\ddayy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\nnnnopq.dll
O2 - BHO: (no name) - {C0A36393-2159-40FC-901A-8B17D98B2E2E} - C:\WINDOWS\system32\sstts.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Modem Booster] C:\Program Files\inKline Global\Modem Booster\modembtr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SystemWeb] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Application Data\SystemWeb\SystemWeb.dll" rdl
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PS Media Tunnel] C:\Program Files\Digital Integration Ltd\PS Media Tunnel\PSMediaTunnel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vEmotion] C:\Program Files\freebird\vEmotion\vEmotion.exe /autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Policies\Explorer\Run: [{40C655E7-072C-1033-1001-04021804002c}] "C:\Program Files\Common Files\{40C655E7-072C-1033-1001-04021804002c}\Update.exe" mc-110-12-0002400
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{40C655E7-072C-1033-1001-04021804002c}] "C:\Program Files\Common Files\{40C655E7-072C-1033-1001-04021804002c}\Update.exe" mc-110-12-0002400 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{40C655E7-072C-1033-1001-04021804002c}] "C:\Program Files\Common Files\{40C655E7-072C-1033-1001-04021804002c}\Update.exe" mc-110-12-0002400 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Privoxy.lnk = C:\Documents and Settings\William\Desktop\Tor\Privoxy\privoxy.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://willdann.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158097880125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnnopq - C:\WINDOWS\SYSTEM32\nnnnopq.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - http://www.lordsynbios.co.uk/videogames/sony/ps3/countdown.php

--
End of file - 15057 bytes


Please could you advise me how to fix the problem, as the files are different to Raven's.


(Note: I have yet to run an anti-virus scan)
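
The log above carries the cross-reference a helper looks for first in this family of infections: the same randomly named DLL registered both as an IE Browser Helper Object (O2, with no name) and as a Winlogon Notify package (O20), plus a Policies\Explorer\Run entry that re-launches an updater. As an added example that is not code from this thread or from HijackThis, the Python below parses HijackThis lines, extracts the loaded file from each, and scores entries with those heuristics. The sample lines are copied from the logs posted above plus a few clean entries for contrast; the Winlogon Notify allowlist and the weights are assumptions for illustration, and a clean result from this script is not a clean machine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Sample HijackThis lines copied from the logs posted in this thread (one
# Vundo-style infection) plus clean entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {96461F4E-EC90-4B85-8883-C44826553FDC} - C:\WINDOWS\system32\ddayy.dll (file missing)
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\nnnnopq.dll
O2 - BHO: (no name) - {C0A36393-2159-40FC-901A-8B17D98B2E2E} - C:\WINDOWS\system32\sstts.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Policies\Explorer\Run: [{40C655E7-072C-1033-1001-04021804002c}] "C:\Program Files\Common Files\{40C655E7-072C-1033-1001-04021804002c}\Update.exe" mc-110-12-0002400
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: nnnnopq - C:\WINDOWS\SYSTEM32\nnnnopq.dll
O20 - Winlogon Notify: sstts - C:\WINDOWS\system32\sstts.dll
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
"""

# Partial allowlist of Winlogon Notify DLLs shipped with Windows XP or common
# software. An assumption for this example, not an authoritative list.
KNOWN_WINLOGON_NOTIFY = {
    "wgalogon.dll", "crypt32.dll", "cryptnet.dll", "cscdll.dll",
    "sclgntfy.dll", "wlnotify.dll", "igfxcui.dll",
}

# Weight per heuristic (assumed). The same DLL loaded as a BHO and as a
# Winlogon Notify package is the strongest signal in the logs above.
WEIGHTS = {
    "bho_and_winlogon_notify": 3,
    "winlogon_notify_unknown": 2,
    "policies_explorer_run": 2,
    "bho_no_name": 1,
    "file_missing": 0,   # stale registry entry; informational only
}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.*)$")
# First drive-letter path on the line that ends in .dll or .exe.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe))\b", re.I)

@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    basename: Optional[str]

@dataclass
class Finding:
    section: str
    basename: Optional[str]
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)
    score: int = 0

def parse(log_text: str) -> List[Entry]:
    """Turn HijackThis 'Oxx - ...' lines into entries with the loaded file extracted."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pm = PATH_RE.search(m.group("body"))
        path = pm.group(1) if pm else None
        base = path.rsplit("\\", 1)[-1].lower() if path else None
        entries.append(Entry(m.group("sec"), m.group("body"), path, base))
    return entries

def triage(entries: List[Entry]) -> List[Finding]:
    # Which sections load each file name, for the BHO/Winlogon cross-reference.
    loaded_from: Dict[str, Set[str]] = {}
    for e in entries:
        if e.basename:
            loaded_from.setdefault(e.basename, set()).add(e.section)
    findings = []
    for e in entries:
        reasons = []
        if e.section == "O2" and "(no name)" in e.body:
            reasons.append("bho_no_name")
        if e.section == "O4" and "policies\\explorer\\run" in e.body.lower():
            reasons.append("policies_explorer_run")
        if e.section == "O20" and e.basename and e.basename not in KNOWN_WINLOGON_NOTIFY:
            reasons.append("winlogon_notify_unknown")
        if e.basename and {"O2", "O20"} <= loaded_from[e.basename]:
            reasons.append("bho_and_winlogon_notify")
        if "(file missing)" in e.body:
            reasons.append("file_missing")
        if reasons:
            findings.append(Finding(e.section, e.basename, e.path, reasons,
                                    sum(WEIGHTS[r] for r in reasons)))
    return findings

def suspects(findings: List[Finding], min_score: int = 2) -> List[str]:
    """Distinct on-disk files worth handing to a removal tool (lower-cased, sorted)."""
    return sorted({f.path.lower() for f in findings if f.path and f.score >= min_score})

if __name__ == "__main__":
    report = triage(parse(SAMPLE_LOG))
    for f in report:
        print(f"{f.score} {f.section:<4} {f.basename}  {', '.join(f.reasons)}")
    print(suspects(report))
```

`suspects` deliberately leaves out `ddayy.dll`: it is already missing from disk, so only its O2 registry entry needs fixing, while `nnnnopq.dll`, `sstts.dll` and the `Policies\Explorer\Run` updater are files to remove. The O2/O20 pairing is what makes the cleanup hard: the Winlogon Notify package is loaded by winlogon.exe at logon, before any user-level tool runs, which is why a plain delete from the desktop tends to fail and the file is back after the next logon.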

0

Having the same issue with explorer.exe. I ran ComboFix, which temporarily fixes my system, but after another 15 min or so it's back to acting up. I deleted all restore points (purposely) because they were all infected. Any ideas on what I'm missing? I will post ComboFix & HijackThis logs as soon as I reach home.

0

In a NEW thread, I hope. See that last bloke's post? It got missed because the thread was marked solved by Raven.

0

I have the same problem too, just like WDN. I have run VundoFix and after 5 minutes Explorer started restarting again!!!! After I used HijackThis, this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:05 AM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Downloads\Warcraft\VundoFix.exe
C:\WINDOWS\system32\imapi.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ALEX\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

And please..... help me....

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.