
My computer won't show my desktop or task bar, and when I try to find explorer it's not there. I don't know if it's a virus or not, so here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:31 p.m., on 16/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Colin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McRegWiz] "C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe" /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~3\masalert.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Daemon14] C:\PROGRA~1\MICROS~4\GAMECO~1\STRATE~1\daemon14.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Flashget] "C:\PROGRA~1\FlashGet\Flashget.exe" /min
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [E-Gold] c:\d.exe
O4 - HKLM\..\Run: [runner1] "C:\WINDOWS\retadpu1000106.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangeShark] C:\PROGRA~1\ORANGE~1\OSharkUpdater.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://www.siren24.com/nprotect/down/NPPWebInstallV2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-CN/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1993F50-092B-4FB2-9DB2-D4DCB814E0C4}: NameServer = 202.180.64.9,202.180.64.2
O20 - AppInit_DLLs: sockspy.dll c:\windows\system32\ldcore.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: eMule MorphXT as a service (eMule) - http://emulemorph.sourceforge.net - D:\Downloads\software\eMule\emule.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer;
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

It's still the same. I still can't open Windows Explorer because when I do it flashes and closes itself, and I still can't see my desktop or task bar. I followed your instructions and here is the log:

SDFix: Version 1.104

Run by Colin on Mon 17/09/2007 at 04:33 p.m.

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Colin\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
NtmlSvc

ImagePath:
%SystemRoot%\System32\svchost.exe -k netsvcs

NtmlSvc - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service


Finally open the SDFix folder on your desktop and copy and paste the
contents of the results file Report.txt back onto the forum with
a new HijackThis log

You only posted half the SDFix log and never posted a new HijackThis log at all.


OK, sorry.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:14 p.m., on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Colin\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Daemon14] C:\PROGRA~1\MICROS~4\GAMECO~1\STRATE~1\daemon14.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Flashget] "C:\PROGRA~1\FlashGet\Flashget.exe" /min
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangeShark] C:\PROGRA~1\ORANGE~1\OSharkUpdater.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://www.siren24.com/nprotect/down/NPPWebInstallV2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-CN/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1993F50-092B-4FB2-9DB2-D4DCB814E0C4}: NameServer = 202.180.64.9,202.180.64.2
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eMule MorphXT as a service (eMule) - http://emulemorph.sourceforge.net - D:\Downloads\software\eMule\emule.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


SDFix log file:



SDFix: Version 1.104


Run by Colin on Mon 17/09/2007 at 06:24 p.m.


Microsoft Windows XP [Version 5.1.2600]


Running From: C:\DOCUME~1\Colin\Desktop\SDFix


Safe Mode:
Checking Services:


Name:
NtmlSvc
xpdx


ImagePath:


NtmlSvc - Deleted
xpdx - Deleted


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...


Service asc3550v - Deleted after Reboot


Normal Mode:
Checking Files:


Trojan Files Found:


C:\-58840~1 - Deleted
C:\WINDOWS\Temp\win100.tmp.exe - Deleted
C:\WINDOWS\Temp\win107.tmp.exe - Deleted
C:\WINDOWS\Temp\win109.tmp.exe - Deleted
C:\WINDOWS\Temp\win10C.tmp.exe - Deleted
C:\WINDOWS\Temp\win10E.tmp.exe - Deleted
C:\WINDOWS\Temp\win121.tmp.exe - Deleted
C:\WINDOWS\Temp\win125.tmp.exe - Deleted
C:\WINDOWS\Temp\win2F.tmp.exe - Deleted
C:\WINDOWS\Temp\win31.tmp.exe - Deleted
C:\WINDOWS\Temp\win33.tmp.exe - Deleted
C:\WINDOWS\Temp\win35.tmp.exe - Deleted
C:\WINDOWS\Temp\win37.tmp.exe - Deleted
C:\WINDOWS\Temp\win3B.tmp.exe - Deleted
C:\WINDOWS\Temp\win3F.tmp.exe - Deleted
C:\WINDOWS\Temp\win55.tmp.exe - Deleted
C:\WINDOWS\Temp\win57.tmp.exe - Deleted
C:\WINDOWS\Temp\win59.tmp.exe - Deleted
C:\WINDOWS\Temp\win5B.tmp.exe - Deleted
C:\WINDOWS\Temp\win5D.tmp.exe - Deleted
C:\WINDOWS\Temp\win61.tmp.exe - Deleted
C:\WINDOWS\Temp\win65.tmp.exe - Deleted
C:\WINDOWS\Temp\winEA.tmp.exe - Deleted
C:\WINDOWS\Temp\winEC.tmp.exe - Deleted
C:\WINDOWS\Temp\winEE.tmp.exe - Deleted
C:\WINDOWS\Temp\winF0.tmp.exe - Deleted
C:\WINDOWS\Temp\winF2.tmp.exe - Deleted
C:\WINDOWS\Temp\winF6.tmp.exe - Deleted
C:\WINDOWS\Temp\winFA.tmp.exe - Deleted
C:\WINDOWS\Temp\win100.tmp.exe - Deleted
C:\WINDOWS\Temp\win107.tmp.exe - Deleted
C:\WINDOWS\Temp\win109.tmp.exe - Deleted
C:\WINDOWS\Temp\win10C.tmp.exe - Deleted
C:\WINDOWS\Temp\win10E.tmp.exe - Deleted
C:\WINDOWS\Temp\win121.tmp.exe - Deleted
C:\WINDOWS\Temp\win125.tmp.exe - Deleted
C:\WINDOWS\Temp\win2F.tmp.exe - Deleted
C:\WINDOWS\Temp\win31.tmp.exe - Deleted
C:\WINDOWS\Temp\win33.tmp.exe - Deleted
C:\WINDOWS\Temp\win35.tmp.exe - Deleted
C:\WINDOWS\Temp\win37.tmp.exe - Deleted
C:\WINDOWS\Temp\win3B.tmp.exe - Deleted
C:\WINDOWS\Temp\win3F.tmp.exe - Deleted
C:\WINDOWS\Temp\win55.tmp.exe - Deleted
C:\WINDOWS\Temp\win57.tmp.exe - Deleted
C:\WINDOWS\Temp\win59.tmp.exe - Deleted
C:\WINDOWS\Temp\win5B.tmp.exe - Deleted
C:\WINDOWS\Temp\win5D.tmp.exe - Deleted
C:\WINDOWS\Temp\win61.tmp.exe - Deleted
C:\WINDOWS\Temp\win65.tmp.exe - Deleted
C:\WINDOWS\Temp\winEA.tmp.exe - Deleted
C:\WINDOWS\Temp\winEC.tmp.exe - Deleted
C:\WINDOWS\Temp\winEE.tmp.exe - Deleted
C:\WINDOWS\Temp\winF0.tmp.exe - Deleted
C:\WINDOWS\Temp\winF2.tmp.exe - Deleted
C:\WINDOWS\Temp\winF6.tmp.exe - Deleted
C:\WINDOWS\Temp\winFA.tmp.exe - Deleted
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll  - Deleted
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll  - Deleted
C:\DOCUME~1\Colin\LOCALS~1\Temp\explorer3.exe  - Deleted
C:\WINDOWS\avp.exe  - Deleted
C:\WINDOWS\csrss.exe  - Deleted
C:\WINDOWS\mgrs.exe  - Deleted
C:\WINDOWS\system32\ldinfo.ldr  - Deleted
C:\WINDOWS\system32\n.ini  - Deleted
C:\WINDOWS\Temp\$_2341233.TMP  - Deleted
C:\WINDOWS\Temp\$_2341234.TMP  - Deleted
C:\WINDOWS\Temp\$b17a2e8.tmp  - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win100.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win107.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win109.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win10C.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win10E.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win121.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win125.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win2F.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win31.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win33.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win35.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win37.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win3B.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win3F.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win55.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win57.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win59.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win5B.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win5D.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win61.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win65.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winEA.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winEC.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winEE.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winF0.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winF2.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winF6.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winFA.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win100.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win107.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win109.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win10C.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win10E.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win121.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win125.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win2F.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win31.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win33.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win35.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win37.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win3B.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win3F.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win55.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win57.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win59.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win5B.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win5D.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win61.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\win65.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winEA.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winEC.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winEE.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winF0.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winF2.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winF6.tmp.exe - Deleted
C:\Documents and Settings\Colin\Desktop\SDFix\backups_old1\winFA.tmp.exe - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted
C:\WINDOWS\system32\drivers\asc3550v.sys  - Deleted



Folder C:\Temp\fse - Removed
Folder C:\WINDOWS\system32\f06WtR - Removed


Removing Temp Files...


ADS Check:


C:\WINDOWS
No streams found.


C:\WINDOWS\system32
No streams found.


C:\WINDOWS\system32\svchost.exe
No streams found.


C:\WINDOWS\system32\ntoskrnl.exe
No streams found.


Final Check:


Remaining Services:
------------------



Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Colin\\LOCALS~1\\Temp\\winCE.tmp.exe"="C:\\DOCUME~1\\Colin\\LOCALS~1\\Temp\\winCE.tmp.exe:*:Enabled:winCE.tmp"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------


File Backups: - C:\DOCUME~1\Colin\Desktop\SDFix\backups\backups.zip


Files with Hidden Attributes:


C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\blew_up_once@hotmail.com\Sharing Folders\jayevanpaskell@hotmail.com\Thumbs.db
C:\Program Files\eRightSoft\SUPER\cygwin1.dll
C:\Program Files\eRightSoft\SUPER\cygz.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\msfDX.dll
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\Program Files\FlashGet\Torrent\MapleSEA_MSSetup061213a.exe.torrent.bits
C:\Program Files\FlashGet\Torrent\MapleSEA_MSSetup061213a.exe.torrent.filelist
C:\Program Files\FlashGet\Torrent\MapleSEA_MSSetup061213a.exe.torrent.seeds
C:\Program Files\FlashGet\Torrent\MapleSEA_MSSetup061213a.exe.torrent.~tmp
C:\Program Files\Softwin\BitDefender9\Quarantine\isamini.exe
C:\Program Files\Softwin\BitDefender9\Quarantine\isamonitor.exe
C:\Program Files\Softwin\BitDefender9\Quarantine\pmmon.exe
C:\Program Files\Softwin\BitDefender9\Quarantine\pmsngr.exe
C:\Program Files\Softwin\BitDefender9\Quarantine\wunauclt.exe
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Program Files\serial.zip
C:\Program Files\wunauclt.zip


Finished!

Edited by happygeek: fixed formatting

0

Can you do me a favour and right-click on hijackthis.exe and select Rename? Change the name to analysethis, rescan, and post another log.
Hopefully doing this will reveal some other entries.

0

ok here is my new hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:09 p.m., on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Colin\Desktop\analysethis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {162D201D-75D0-4971-9968-C38B7268A82B} - C:\WINDOWS\system32\pmnlj.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {71B641C8-609B-4361-8F75-34491667A16F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\rqrppol.dll
O2 - BHO: (no name) - {E51FF307-B4D2-4CF9-A91A-62B5E44A5FF4} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Daemon14] C:\PROGRA~1\MICROS~4\GAMECO~1\STRATE~1\daemon14.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Flashget] "C:\PROGRA~1\FlashGet\Flashget.exe" /min
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangeShark] C:\PROGRA~1\ORANGE~1\OSharkUpdater.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://www.siren24.com/nprotect/down/NPPWebInstallV2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-CN/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7C564BC7-73BD-4750-A90A-8FF2D8C8C64B} (SysInfo Control) - http://www.cabal.co.kr/Include/SysInfo.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1993F50-092B-4FB2-9DB2-D4DCB814E0C4}: NameServer = 202.180.64.9,202.180.64.2
O20 - Winlogon Notify: rqrppol - C:\WINDOWS\SYSTEM32\rqrppol.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eMule MorphXT as a service (eMule) - http://emulemorph.sourceforge.net - D:\Downloads\software\eMule\emule.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService

0

Cool.

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions, starting from "Click the Scan for Vundo button", when VundoFix appears at reboot.
