0

Hi everyone. Earlier today I started getting a lot of popups while using Internet Explorer. Also, there were dialogue balloons telling me that I had trojans and malware, etc., popping up on my taskbar. I basically experienced every single thing that is mentioned here: http://www.daniweb.com/forums/thread94083.html

I just didn't want to edit my HijackThis based on his experience because no two issues are the same. Well, for the most part.

Here is my current hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:53:51 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\DOCUME~1\JAYSIZ~1\LOCALS~1\Temp\Rar$EX00.031\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-17&installtype=force&dtag=6l39x51&langid=1&systempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {46228CCC-B52F-4384-A420-AFBD49ACEC8A} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: (no name) - {730F7270-EEC4-BB65-E1C8-B46EF0EC9495} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe-start
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://valosoul.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139721780812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 11199 bytes


So far I have run Ad-Aware, Spybot, and Spyware Doctor as well as using Trend Micro's HouseCall online scanner. Everything seems to be back to normal except I still get popups while using Internet Explorer. They are quite frequent. Any clues as to where to go from here?

0

Oh yes, I have also run Vundofix! It found a few things and I repaired them with it but the log I posted is current and I am still having the popups.

0

Quite an armoury you ran. Love to see the Vundofix log you have.... but it did not finish its job - the trick is to run it a few times, as it cleans it "learns". You look to see that it has deleted all that it found, if not you plug it in again. But if it comes up with the same log result a couple of runs in a row then it is stuck. Post the log [btw, that log is additive...]
I've always wanted to visit NB... well actually, if I ever got that far I'd probably beeline for Newfoundland, maybe Nova Scotia.. St John, eh? I unny ever get to the west side, for skiing....

0

Hi! Yeah NB is a nice place in my opinion. The fall is beautiful :)

Well, here is what I got from Vundofix:


VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 3:20:01 PM 10/28/2007

Listing files found while scanning....

C:\windows\system32\chqjwmtg.dll
C:\WINDOWS\system32\endmngoe.dll
C:\WINDOWS\system32\opnoljg.dll
C:\WINDOWS\system32\xxjawutj.dll

Beginning removal...

Attempting to delete C:\windows\system32\chqjwmtg.dll
C:\windows\system32\chqjwmtg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\endmngoe.dll
C:\WINDOWS\system32\endmngoe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnoljg.dll
C:\WINDOWS\system32\opnoljg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xxjawutj.dll
C:\WINDOWS\system32\xxjawutj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\opnoljg.dll
C:\WINDOWS\system32\opnoljg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:31:32 PM 10/28/2007

Listing files found while scanning....

No infected files were found.

So I take it I should update Java somehow? haha Anything else? I'm sure there's more to the fix than this too.
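The re-run rule from the helper's reply above (repeat until VundoFix has deleted everything it found; the same result on consecutive runs means it is stuck), applied to an additive VundoFix log. This is an added Python example, not part of the original posts; the sample log and its file names are constructed, and `parse_runs`, `verdict` and the verdict labels are hypothetical names.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the additive layout of the log above: each run appends
# a new "VundoFix V..." section to the same file. File names are made up.
SAMPLE_LOG = r"""
VundoFix V6.5.11

Scan started at 3:20:01 PM 10/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\aaaexample.dll
C:\WINDOWS\system32\bbbexample.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aaaexample.dll
C:\WINDOWS\system32\aaaexample.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbbexample.dll
C:\WINDOWS\system32\bbbexample.dll Could not be deleted.

VundoFix V6.5.11

Scan started at 4:05:10 PM 10/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\bbbexample.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbbexample.dll
C:\WINDOWS\system32\bbbexample.dll Could not be deleted.
"""

RUN_HEADER = re.compile(r"^VundoFix V[\d.]+\s*$")
STARTED = re.compile(r"^Scan started at (.+)$")
RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$")
PATH = re.compile(r"^[A-Za-z]:\\\S.*$")


@dataclass
class Run:
    started: str = ""
    found: set = field(default_factory=set)        # lower-cased paths listed by the scan
    deleted: dict = field(default_factory=dict)    # path -> last reported outcome

    @property
    def leftover(self):
        """Files the scan listed that were never reported as deleted."""
        return {p for p in self.found if not self.deleted.get(p, False)}


def parse_runs(text):
    """Split an additive log into runs; a later removal pass overrides an earlier one."""
    runs, listing = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if RUN_HEADER.match(line):
            runs.append(Run())
            listing = False
            continue
        if not runs or not line:
            continue
        run = runs[-1]
        m = STARTED.match(line)
        if m:
            run.started = m.group(1)
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif (m := RESULT.match(line)):
            # Windows paths are case-insensitive, so compare them lower-cased.
            run.deleted[m.group("path").lower()] = m.group("res").startswith("Has")
        elif listing and PATH.match(line):
            run.found.add(line.lower())
    return runs


def verdict(runs):
    """'done', 'rerun' or 'stuck' for the most recent run, per the rule above."""
    if not runs:
        return "no runs logged"
    last = runs[-1]
    if not last.leftover:
        return "done"
    if len(runs) >= 2 and (runs[-2].found, runs[-2].leftover) == (last.found, last.leftover):
        return "stuck"
    return "rerun"


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_LOG):
        print(run.started, "leftover:", sorted(run.leftover))
    print("verdict:", verdict(parse_runs(SAMPLE_LOG)))
```

A "done" verdict only means VundoFix has nothing left to report; in this thread the popups continued after a clean VundoFix scan, and ComboFix was run next.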

0

If anyone can help me out I would REALLY appreciate it. I'm going crazy here :P

0

Oh, yes, there is more. Run these next and we'll see where to go from there:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply with a fresh hijackthis scan.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

0

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:34:00 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-17&installtype=force&dtag=6l39x51&langid=1&systempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe-start
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://valosoul.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139721780812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 11157 bytes

And then Combofix:

ComboFix 07-10-29.1 - Jay Sizzle 2007-10-30 18:22:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502 [GMT -3:00]
Running from: C:\Documents and Settings\Jay Sizzle\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jay Sizzle\My Documents\internet.lnk
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\crosof~1\spoolsv.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\endmngoe.dllbox
C:\WINDOWS\system32\eqpgqbri.ini
C:\WINDOWS\system32\hkqipxtl.ini
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak2
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\irbqgpqe.dll
C:\WINDOWS\system32\ltxpiqkh.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.

2007-10-30 18:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 15:55 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-10-30 14:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-29 22:53 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-10-29 22:53 <DIR> d-------- C:\Documents and Settings\Jay Sizzle\Application Data\Sunbelt Software
2007-10-29 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-10-29 22:41 <DIR> d-------- C:\Program Files\CCleaner
2007-10-29 20:16 589 --a------ C:\WINDOWS\system32\tnsjhryq.dll
2007-10-29 00:04 1,395 --a------ C:\WINDOWS\mozver.dat
2007-10-28 21:12 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-28 21:12 <DIR> d-------- C:\Documents and Settings\Jay Sizzle\Application Data\PC Tools
2007-10-28 21:12 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-28 21:12 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-28 21:12 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-28 21:12 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-28 19:15 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-28 17:59 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-28 15:20 <DIR> d-------- C:\VundoFix Backups
2007-10-27 15:25 22,328 --a------ C:\Documents and Settings\Jay Sizzle\Application Data\PnkBstrK.sys
2007-10-25 23:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-25 23:31 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-10-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-10-25 22:02 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-25 21:47 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2007-10-25 21:47 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2007-10-25 21:47 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
2007-10-25 21:47 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2007-10-25 21:47 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2007-10-25 21:47 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2007-10-25 21:47 11,776 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys
2007-10-24 13:36 <DIR> d-------- C:\Program Files\Photomatix
2007-10-23 18:13 <DIR> d-------- C:\Program Files\Webcam Video Capture
2007-10-23 18:13 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-10-23 17:58 <DIR> d-------- C:\Program Files\Orbitdownloader
2007-10-23 17:58 <DIR> d-------- C:\Downloads
2007-10-23 17:58 <DIR> d-------- C:\Documents and Settings\Jay Sizzle\Application Data\Orbit
2007-10-23 15:17 <DIR> d-------- C:\Documents and Settings\Jay Sizzle\Application Data\DOT-TUNES
2007-10-21 20:01 <DIR> d-------- C:\Program Files\Videora
2007-10-21 20:01 <DIR> d-------- C:\Program Files\BitComet
2007-10-20 12:44 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-10-20 12:25 <DIR> d-------- C:\Program Files\Handbrake
2007-10-20 11:54 <DIR> d-------- C:\Program Files\Ipod Video Converter
2007-10-20 11:25 <DIR> d-------- C:\ConverterOutput
2007-10-20 11:24 <DIR> d-------- C:\Program Files\Cucusoft
2007-10-20 11:24 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-10-20 11:24 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-10-20 11:24 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-10-20 11:24 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-10-20 11:24 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-10-20 00:50 <DIR> d-------- C:\iPod Source Movies
2007-10-19 22:58 <DIR> d-------- C:\iPod Movies
2007-10-18 22:10 <DIR> d-------- C:\Program Files\Red Kawa
2007-10-18 22:10 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-18 17:29 <DIR> d-------- C:\Program Files\MoviePod
2007-10-14 16:12 <DIR> d-------- C:\Program Files\DIFX
2007-10-13 23:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-11 16:34 <DIR> d-------- C:\Documents and Settings\Jay Sizzle\Application Data\Image Zone Express
2007-10-11 16:30 <DIR> d-------- C:\Program Files\Common Files\HP
2007-10-11 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-11 16:29 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-11 16:24 113,003 --a------ C:\WINDOWS\hpoins07.dat
2007-10-11 01:41 <DIR> d-------- C:\Program Files\QuickTime
2007-10-11 01:41 <DIR> d-------- C:\Program Files\iTunes
2007-10-11 01:41 <DIR> d-------- C:\Program Files\iPod
2007-10-11 01:40 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-10-11 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-11 01:40 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-08 01:10 <DIR> d-------- C:\Documents and Settings\Jay Sizzle\Application Data\DivX
2007-10-02 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-28 13:08 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 13:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 13:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-09-28 13:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-09-28 13:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-09-23 00:12 286,720 --a------ C:\WINDOWS\iun507.exe
2007-09-23 00:11 <DIR> d-------- C:\Program Files\RescuePRO
2007-09-17 18:36 <DIR> d-------- C:\Documents and Settings\Jay Sizzle\Application Data\ZoomBrowser EX
2007-09-17 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-09-14 14:19 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-09-14 14:19 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-14 14:19 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-10 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-01 19:04 <DIR> d-------- C:\Program Files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 20:19 --------- d-----w C:\Program Files\Steam
2007-10-30 19:17 --------- d-----w C:\Program Files\Skype
2007-10-30 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-30 19:16 --------- d-----w C:\Documents and Settings\Jay Sizzle\Application Data\Skype
2007-10-30 18:07 --------- d-----w C:\Program Files\MSN Messenger
2007-10-30 18:07 --------- d-----w C:\Program Files\Microsoft LifeChat
2007-10-30 18:03 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-10-30 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-30 02:12 --------- d-----w C:\Program Files\ewido anti-malware
2007-10-29 23:36 --------- d-----w C:\Program Files\Java
2007-10-27 18:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 02:29 --------- d-----w C:\Program Files\Warcraft III
2007-10-26 01:31 --------- d-----w C:\Program Files\QuickMonitorProfile
2007-10-26 01:02 --------- d-----w C:\Documents and Settings\Jay Sizzle\Application Data\ATI
2007-10-26 00:58 --------- d-----w C:\Program Files\ATI Technologies
2007-10-25 04:41 --------- d-----w C:\Documents and Settings\Jay Sizzle\Application Data\BitTorrent
2007-10-18 22:08 --------- d-----w C:\Documents and Settings\Jay Sizzle\Application Data\Apple Computer
2007-10-15 21:42 --------- d-----w C:\Program Files\BitTorrent
2007-10-13 21:00 --------- d-----w C:\Documents and Settings\Jay Sizzle\Application Data\HP
2007-10-11 19:30 --------- d-----w C:\Program Files\HP
2007-10-11 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-11 04:40 --------- d-----w C:\Program Files\Apple Software Update
2007-10-08 04:10 --------- d-----w C:\Program Files\DivX
2007-10-03 21:45 --------- d-----w C:\Program Files\Yahoo!
2007-10-02 22:53 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-29 00:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-09-17 21:25 --------- d-----w C:\Program Files\Canon
2007-09-02 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-30 21:34 --------- d-----w C:\Program Files\Google
2007-08-27 14:26 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-15 16:09 249,856 ----a-w C:\WINDOWS\system32\Photomatix25Lib2.dll
2007-07-12 18:17 167,936 ----a-w C:\WINDOWS\system32\Photomatix25Lib3.dll
2007-07-09 16:51 266,240 ----a-w C:\WINDOWS\system32\Photomatix25Lib.dll
2007-07-09 13:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2007-04-18 23:36 30,615 -c--a-w C:\Documents and Settings\Jay Sizzle\x.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18]
"AsioReg"="REGSVR32.exe" [2004-08-12 11:04 C:\WINDOWS\system32\regsvr32.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe-start" []
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 15:31]
"MotiveReportAgent"="C:\Program Files\Common Files\Motive\McciBootStrapper.exe" [2007-05-29 15:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 06:32]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 12:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-02-12 12:19]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickGammaLoader"="C:\Program Files\QuickGamma\QuickGammaLoader.exe" [2005-03-28 01:13]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 10:56]
"Steam"="" []
"SB Audigy 2 Startup Menu"=" /L:ENG" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-22 15:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 18:28:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 138 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\WORDPAD.INI 754 bytes
C:\WINDOWS\WRUninstall.dll 478720 bytes executable
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF 4481358 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1065956 bytes

scan completed successfully
hidden files: 14

**************************************************************************
.
Completion time: 2007-10-30 18:31:02 - machine was rebooted
.
--- E O F ---

0

It said "Scan Complete" and nothing came up. No text whatsoever so there was no log :S

0

Ok, if you delete these two files you should be in the clear:

C:\WINDOWS\system32\locate.com -I am sure this one is part of an adware system, you can check the properties of your copy to be sure.
C:\WINDOWS\system32\tnsjhryq.dll

If the last fights deletion, do it from safe mode.

0

I don't know why these are hidden on your machine, it is not normal. This should reverse that situation:
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixatt.bat, as type "all files", to your desktop; dclick it to run...

__________________________________________________________
attrib -r -h C:\WINDOWS\winhelp.exe
attrib -r -h C:\WINDOWS\winhlp32.exe
attrib -r -h C:\WINDOWS\wininit.ini
attrib -r -h C:\WINDOWS\winnt.bmp
attrib -r -h C:\WINDOWS\winnt256.bmp
attrib -h C:\WINDOWS\WinSxS
attrib -r -h C:\WINDOWS\WMSysPr9.prx
attrib -r -h C:\WINDOWS\WORDPAD.INI
attrib -r -h C:\WINDOWS\WRUninstall.dll
attrib -r -h C:\WINDOWS\Zapotec.bmp
attrib -r -h C:\WINDOWS\_default.pif
attrib -r -h C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF
attrib -r -h C:\WINDOWS\WindowsUpdate.log
__________________________________________________________
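One way to check that a fix batch like the one above covers every path the scanner listed, as an added example that is not part of the original post. The sample text is a constructed excerpt of the catchme section and of fixatt.bat from this thread (the "hidden files" count is adjusted to the excerpt), and it keeps one reported path that the posted batch does not touch. The function names are hypothetical.

```python
import re

# Constructed excerpt of the catchme "hidden files" section quoted in the thread.
CATCHME = r"""
scanning hidden files ...

C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\WinSxS
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1065956 bytes

scan completed successfully
hidden files: 5
"""

# Constructed excerpt of the fixatt.bat lines posted in the thread.
BATCH = r"""
attrib -r -h C:\WINDOWS\winhelp.exe
attrib -r -h C:\WINDOWS\winhlp32.exe
attrib -h C:\WINDOWS\WinSxS
attrib -r -h C:\WINDOWS\WindowsUpdate.log
"""

FILE_RE = re.compile(r"^([A-Za-z]:\\.+?)(?: (\d+) bytes( executable)?)?$")
COUNT_RE = re.compile(r"^hidden files: (\d+)$")
ATTRIB_RE = re.compile(r'^attrib((?:\s+[+-][a-z])+)\s+"?(.+?)"?$', re.I)


def parse_catchme(report):
    """Return (findings, reported_count) from the hidden-files section."""
    findings, reported, in_section = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("scanning hidden files"):
            in_section = True
            continue
        if line.startswith("scan completed"):
            in_section = False
            continue
        file_match = FILE_RE.match(line) if in_section else None
        if file_match:
            path, size, exe = file_match.groups()
            findings.append({"path": path,
                             "size": int(size) if size else None,
                             "executable": bool(exe)})
            continue
        count_match = COUNT_RE.match(line)
        if count_match:
            reported = int(count_match.group(1))
    return findings, reported


def parse_attrib_targets(batch):
    """Map each lower-cased target path to the set of attrib switches used."""
    targets = {}
    for raw in batch.splitlines():
        m = ATTRIB_RE.match(raw.strip())
        if m:
            targets[m.group(2).lower()] = set(m.group(1).lower().split())
    return targets


def reconcile(report, batch):
    """Compare scanner findings with the paths the batch file changes."""
    findings, reported = parse_catchme(report)
    covered = parse_attrib_targets(batch)
    found = {f["path"].lower() for f in findings}  # Windows paths ignore case
    return {
        "count_matches": reported == len(findings),
        "not_covered": [f["path"] for f in findings
                        if f["path"].lower() not in covered],
        "not_reported": sorted(p for p in covered if p not in found),
        "executables": [f["path"] for f in findings if f["executable"]],
    }


if __name__ == "__main__":
    for key, value in reconcile(CATCHME, BATCH).items():
        print(key, value)
```
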

0

Ok I couldn't restart in safe mode. When I choose safe mode and hit enter, it loads up a whole screen full of text... something like "C:/windows/partition(2)system32.mups"
etc.etc... a whole screen of stuff like that :S

So maybe my problem is even deeper?

I deleted the 2 files in normal mode though.

0

As safe mode loads the files and drivers etc for a reduced operating system it reels off their names as it reads them in from HD - that black screen of rapidly scrolling text is normal. It then stops at an administrator accounts only login screen.
C:\Windows\system32\mups.sys is where it stops scrolling; if you see it, it has been loaded. If you don't get from there to the black safe mode screen followed by the login screen, then I don't have any advice on that.
Where is that partition(2) bit coming from?

0

Hmmm.. I see. Yeah it ends at mups.sys and then nothing happens. It sounds as if my computer is loading and loading but I let it load for about 10 mins and nothing happened. The HDD just keeps clicking away and nothing changes.

Not sure about the partition(2) thing either. It says that in front of every line of text on that black screen.

0

Gerbil: Here is a new HJT log just to ensure things look ok. I'll try to find out about the safe mode thing perhaps in another thread. Thank you SO much for your help though.

I've started using Firefox now so I don't even know if the IE explorer popups still happen (I don't want to tempt it lol) but we'll see. I don't notice any immediate problems right now though :)


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:24:21 PM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-17&installtype=force&dtag=6l39x51&langid=1&systempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe-start
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-APPKEY=Motive -WindowContext=ReportAgent -url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://valosoul.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139721780812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 9658 bytes
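A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post or of HijackThis itself. It groups entries by section code and pulls out three things worth a manual look: O23 services listed with "Unknown owner", O4 autoruns whose command is not an absolute path, and the O17 name servers. The sample lines are copied from this log; the function names and the choice of checks are assumptions, and a flagged entry is only a prompt to verify the file, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21F55EFB-20C7-47E8-9614-415D0D08D7DE}: NameServer = 198.164.30.64,198.164.4.62
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(HK[A-Z]+)\\(?:[^\\]+\\)?\.\.\\(\w+): \[([^\]]+)\] (.*)$")
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(log_text):
    """Group entry bodies by HijackThis section code (R0, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and running-process lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def triage(log_text):
    """Return the entries a reviewer should verify by hand."""
    sections = parse_entries(log_text)
    report = {"unknown_owner_services": [], "relative_autoruns": [],
              "nameservers": []}

    # O23: service binaries for which the log shows no vendor name.
    for body in sections.get("O23", []):
        m = SERVICE_RE.match(body)
        if m and m.group(2).strip().lower() == "unknown owner":
            report["unknown_owner_services"].append((m.group(1), m.group(3)))

    # O4: autorun commands without a drive-qualified path are resolved
    # through the search path, so the file that really runs must be checked.
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m:
            hive, key, name, command = m.groups()
            if not ABSOLUTE_RE.match(command):
                report["relative_autoruns"].append(
                    (hive + "\\" + key, name, command))

    # O17: DNS servers, to compare against the ones the ISP or router assigns.
    servers = set()
    for body in sections.get("O17", []):
        m = NAMESERVER_RE.search(body)
        if m:
            servers.update(s.strip() for s in m.group(1).split(",") if s.strip())
    report["nameservers"] = sorted(servers)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
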

0

I have not seen that partition(2) tag before.... are you sure there is no partition before C on your HD? It does not matter; A, B are reserved for floppy drives, but you can put H etc before C if you wish, letter ordering is not impt.
Check in CP, Admin tools, computer mgmt > disk mgmt. See there also that C is your system drive, tagged as such [if u rclick C the line Mark partition as Active will be greyed out..]
Right, the log. It's good.

0

Mark partition as active is indeed greyed out. Above this I also have a 3.49GB FAT32 and 47MB FAT partition.

0

Ah, okay.... One of those is not being seen? Partition count starts at 1; eg C is often the first partition on most sys and is partition (1).

0

So I guess something is odd here :S I'm going to go find out about my problem booting in safe mode. Any suggested users who might know about that?

Thanks for all your help btw gerbil! Come visit any time in NB! :D

0

Systems not booting past mups.sys are legend. Reasons/guesses/solutions given are many and varied... lots of blame is placed on hardware items, BIOS.. nothing escapes. I don't know.
No reason why it could not be software based though. I would be running system file checker with my installation disk as a first step [Run, sfc /scannow], very straightforward to do.
Then I think I would try running [chkdsk C: /F] -painless also.
Finally I guess a Windows Repair using Setup.....
