# Solved: Please Help. A virus has seemingly killed my Network Adapters...



## GeeQ (Mar 30, 2007)

I normally catch viruses before they hit. However one popped up on my screen last night right where I was clicking for a flash game I was wasting time with.

As I clicked, my PC restarted. Upon restart a "System shutdown" popup came up immediately. It would allow for 60 seconds of 'use' and then restart the system. By reading through forums on my laptop, I was able to find a way to stop that system shutdown process and run a restore from a checkpoint 3 days prior. However, now I have no internet.

I pulled up my network connections, and the list is blank. As I tried to start a new connection, I found that the process would not 'fail' but rather just disappear on me.

I've also looked into Device Manager, and discovered ALL of my Network Adapters have gone Yellow-! on me.

When I say all, this is the list:

Direct Parallel
Microsoft(r) PCI Adapter MN-130
Microsoft(r) PCI Adapter MN-130 - Packet Scheduler Miniport
NVIDIA nForce Networking Controller
NVIDIA nForce Networking Controller - Packet Scheduler Miniport
WAN Miniport (IP)
WAN Miniport (IP) - Packet Scheduler Miniport
WAN Miniport (L2TP)
WAN Miniport (PPPOE)
WAN Miniport (PPTP)

Properties on all of these list in Device Status:

Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

I've searched a lot of this forum and others, and I've just become overly confused. These are the things I THINK I've tried:

Uninstalling, Reinstalling and updating supposed drivers. 
Rerunning the CDs which came with the nVidia and Microsoft PCI hardware
ipconfig (doesn't work either)
system restore to a date PRIOR to the original restore point

and I think that's all that really counts. Anyone got any suggestions?

btw, this is a comp a techie friend of mine helped me put together a year ago. He has since moved away, otherwise I'd have him working on it right now. But basically that means, I have no warranty or recovery disk or anything like that.


----------



## Frank4d (Sep 10, 2006)

Start > Run > services.msc and check to see that "Network Connections" is started and Startup Type is Manual or Automatic. If not right click Network Connections then Properties, and set it to Manual and Started.

If the service isn't listed at all then we'll need to restore it.


----------



## GeeQ (Mar 30, 2007)

Hey, thanks for your quick response. Unfortunately, the settings were already as you stated they should be. Just for the heck of it I went ahead and ended, disabled, rebooted, re-enabled as manual and restarted, still no luck.

Here's some more information that seems I should have mentioned before.

When I open the Microsoft Broadband Network Utility, It shows:

My Computer
Connection Speed 0Mbps
IP Address 0.0.0.0
File Sharing Disabled

MSHOME
You are connected to your network
Gateway address 0.0.0.0
X Internet Unavailable. Troubleshoot

Your Internet Connection
You are not connected to the Internet.

Anyway, seems to me I remember that even when I've had internet go down in the past, the IP and Gateway addresses were still filled out. Also, my Living Room computer would normally also show up on the "Other Network Devices" list, which is currently blank. I'm getting the impression my computer is being tricked into thinking it's on a network that doesn't actually exist.

Any more suggestions?


----------



## Blackmirror (Dec 5, 2006)

Have you tried a system restore?


----------



## GeeQ (Mar 30, 2007)

Yes. I've restored back to two other dates.

I just noticed a couple other random occurrences as well.

It's been 8 minutes since I last touched my PC, and just now on the screen, I got a "Webpage unavailable while offline" popup error.

Also, randomly and intermittently, my entire screen flickers.

And one more error message, titled:

gsfd
Run-time error '5':
Invalid Procedure call or argument

sometimes the title for that is more along the lines of:

fdasdsyerytrdasdasad

or something like that.

Looks like I may not have gotten all of the virus. However, with a scan of avast! and ewido, nothing is detected.


----------



## Blackmirror (Dec 5, 2006)

You can try an online scan: www.bitdefender.com

and I should post a HijackThis log in Security to have them check you out. Sounds like that virus has done a lot of damage.


----------



## GeeQ (Mar 30, 2007)

Only problem is, I'm on my laptop. The PC can't connect to the net at all. So no online scans, and if I understand HijackThis logs... that's not gonna happen either.


----------



## bonk (Sep 8, 2005)

Why can't you put HijackThis on a disk on the PC you can connect with and transfer it to the laptop?


----------



## bonk (Sep 8, 2005)

Great minds think alike......


----------



## Blackmirror (Dec 5, 2006)

Have you tried safe mode with networking to see if you can connect?


----------



## Rich-M (May 3, 2006)

Download this on working computer and then install into messed up one....
http://www.snapfiles.com/get/winsockxpfix.html


----------



## Bob Cerelli (Nov 3, 2002)

That's just one of the problems with on-line scans. You need to be able to get online to do them.

Fortunately both spybot and ad-aware let you install and copy the updates using something like a flash drive. 

But at this point you are way beyond a simple winsock registry fix. Even with a corrupted registry entry for that, you would at least be getting IP addresses assigned. So for now, you need to be able to get the drivers correctly recognized by Windows. You might try installing, updating and scanning with those two free programs from safe mode. They actually can remove spyware on their own if that is the cause of the problem.


----------



## Midiport (Feb 28, 2007)

Do you have an onboard Lan port?
If so, go into your BIOS and make sure it's not disabled.


----------



## Mindgrinder (Mar 23, 2007)

OK, do one thing: remove all miniports.

1. Go to miniports in Device Manager
2. Right click and update drivers
3. Choose install from specific location
4. Choose "I would specify...."
5. Uncheck compatible driver box
6. Choose manufacturer as Microsoft and choose MAC drivers
7. Now once done it will show MAC driver
8. Now uninstall the miniport
9. You might have to repeat the steps for each miniport.
10. Try after this and post what happened.


----------



## GeeQ (Mar 30, 2007)

Ok.

Winsock fix didn't work.

I downloaded Ad-Aware and Spybot onto disk and am running Ad-Aware as I type this. So far... 120 new critical objects... and Avast is popping up virus warnings left and right.

Midi: I wouldn't know how to do what you're talking about.

Mindgrinder:
Are you talking about just the WAN Miniport entries? Or like the NVIDIA nForce Networking Controller - Packet Scheduler Miniport?


----------



## GeeQ (Mar 30, 2007)

Hah, Ad-Aware's response includes:

Win32.Trojan.Downloader
Win32.TrojanDownloader.Small
Win32.Trojan.Spy
Zango
TrustCleaner
Win32.Trojan.MatrixHasYou
SpywareNo

and all of these are in there a few times each. It's like they're respawning.


----------



## bonk (Sep 8, 2005)

I would suggest posting a HijackThis log

Download *HijackThis* to your desktop

*Right *click & *Extract All*
Open the file created and click on the *Hijack.exe *
It will open and use the default path
Check do you wish an Icon
Click on Icon and choose *"scan system and save a logfile" *usually in notepad
Copy and Paste the logfile in your next post
Using *Ctrl+A* to copy All and *Ctrl+C* to copy and *Ctrl+V* to paste.


----------



## Midiport (Feb 28, 2007)

Is the socket on the back of your pc for the connection on a pci slot, or is it near the usb/printer/keyboard sockets?

If it's near the usb etc, try this.....

To look at the bios, reboot, and as the machine is powering back on hold down "F2" (sometimes a different button, check your motherboard manual).

Don't change anything here, as it can cause problems if you change the wrong thing, but go into "Advanced", then "Chipset Settings" (may vary between manufacturers), and look for "Onboard LAN".
If this is set to disabled, that's your problem!


----------



## GeeQ (Mar 30, 2007)

Midi, it was enabled.

Anyway, nothing new being found on Spybot, Ad-Aware, Avast or Ewido... they all check out. Which is weird because Viewpoint Manager is still on there... gah

Anyway, here's the requested HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:30 AM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
z:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
Z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\NOTEDAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\dllhost.exe
z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\GeeQ\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp50.tmp.dll (file missing)
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141614535\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [winclean] c:\windows\system32\winclean.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\pmkhgf.dll",setvm
O4 - HKLM\..\Run: [avast!] z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = Z:\Office\OSA9.EXE
O4 - Global Startup: PGPtray.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
O20 - Winlogon Notify: mscMMC - C:\WINDOWS\SYSTEM32\mscMMC.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TVersityMediaServer - Unknown owner - Z:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
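
What a HijackThis reviewer scans for by eye in a log like the one above can be automated as a first pass. The script below is an added example written for this page; it is not part of HijackThis, SDFix, or anything posted in the thread. The table of where genuine XP binaries live, the temporary-directory fragments and the one-character threshold are assumptions, and the sample lines are copied from the log in the post above so the rules can be checked against real entries. It flags the kinds of entries that stood out there: a name one character away from a real system binary (lsasss.exe, NOTEDAD.EXE), a genuine name running from the wrong directory (svchost.exe under a Temp folder), a numeric-only file name, a Run value that names a DLL instead of a program, rundll32 loading a DLL from the Windows root, a browser proxy pointed at localhost, and a populated AppInit_DLLs value.

```python
"""Heuristic triage of HijackThis-style log lines: an added example for this thread, not
part of HijackThis, SDFix or any post above. Baseline table and rules are constructed."""
import ntpath
import re

# Constructed baseline: where the genuine copy of each often-spoofed XP binary lives.
KNOWN_BINARIES = {
    "lsass.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows", "notepad.exe": r"c:\windows",
}
# Constructed list of directory fragments from which nothing legitimate should persist.
TEMP_DIRS = (r"c:\windows\temp", r"\locals~1\temp", r"\local settings\temp")

def edit_distance(a, b):
    """Levenshtein distance; catches look-alike names such as lsasss.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def judge_path(path):
    """Return a reason if an executable path looks like a masquerade, else None."""
    directory, name = ntpath.split(path.lower())
    if name in KNOWN_BINARIES:
        if directory and directory != KNOWN_BINARIES[name]:
            return f"{name} running from {directory}; the genuine copy lives in {KNOWN_BINARIES[name]}"
        return None
    for real in KNOWN_BINARIES:
        if edit_distance(name, real) == 1:
            return f"{name} is one character away from {real}"
    if ntpath.splitext(name)[0].isdigit():
        return f"{name} has a numeric-only file name"
    if any(frag in directory for frag in TEMP_DIRS):
        return f"{name} persists from a temporary directory ({directory})"
    return None

def judge_autorun(body):
    """Inspect an O4 entry of the form 'HKLM\\..\\Run: [name] command'."""
    m = re.match(r".*?: \[(.*?)\] (.*)$", body)
    if not m:                                   # Global Startup .lnk lines carry no command
        return None
    name, command = m.groups()
    m = re.match(r'\s*"?(.+?\.(?:exe|dll|bat|cmd|scr))\b', command, re.I)
    if not m:
        return None
    target = m.group(1)
    if ntpath.basename(target).lower() == "rundll32.exe":
        dll = re.search(r'([A-Za-z]:\\[^",]+\.dll)', command, re.I)
        d = ntpath.dirname(dll.group(1).lower()) if dll else ""
        if d == r"c:\windows" or any(frag in d for frag in TEMP_DIRS):
            return f"[{name}] loads {dll.group(1)} through rundll32 from {d}"
        return None
    if target.lower().endswith(".dll"):
        return f"[{name}] names a DLL rather than a program: {command}"
    reason = judge_path(target)
    return f"[{name}] {reason}" if reason else None

def triage_line(line):
    """Classify one log line; returns (section, reason) or None if nothing stands out."""
    line = line.strip()
    m = re.match(r"^(R\d|O\d+) - (.*)$", line)
    if m:
        section, body = m.groups()
    elif re.match(r"^[A-Za-z]:\\", line):         # a "Running processes:" entry
        section, body = "PROC", line
    else:
        return None
    reason = None
    if section == "PROC":
        reason = judge_path(body)
    elif section == "R1" and "ProxyServer" in body:
        proxy = body.split("=", 1)[1].strip().lower()
        if proxy.startswith(("localhost", "127.")):
            reason = f"browser traffic forced through a local proxy at {proxy}"
    elif section == "O4":
        reason = judge_autorun(body)
    elif section == "O20" and body.startswith("AppInit_DLLs:"):
        dll = body.split(":", 1)[1].strip()
        reason = f"AppInit_DLLs injects {dll} into every process that loads user32.dll"
    return (section, reason) if reason else None

def triage_log(text):
    """Run triage_line over a whole log; returns the list of (section, reason) findings."""
    return [hit for hit in map(triage_line, text.splitlines()) if hit]

# Lines copied from the log posted above, so the rules can be checked against real entries.
SAMPLE_LOG = r"""
C:\WINDOWS\NOTEDAD.EXE
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\pmkhgf.dll",setvm
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
"""
```

`triage_log(SAMPLE_LOG)` returns eight findings and leaves the ATICCC entry alone; `triage_log(open("hijackthis.log").read())` does the same for a saved log. Every flag is a reason to look, not proof of infection: a vendor that installs into C:\WINDOWS or ships an AppInit DLL will trip the same rules, so the table of expected locations should be built from a known-clean machine of the same Windows version rather than taken on trust from this example.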


----------



## GeeQ (Mar 30, 2007)

I have to head to my "job" and won't be back for 9 hours, but whatever you all can come up with will be greatly appreciated. It seems to me a software failure is causing the PC to not recognize the ethernet ports, both the separate PCI slot and the one built in to the motherboard. So I would think I might just need to tweak something in my software settings. But I don't know... I'm not a real techie guy. Hopefully y'all can come up with something that works.

Thanks again


----------



## cybertech (Apr 16, 2002)

Hi GeeQ, Welcome to TSG!

I've moved your post to the Security Forum and will have posted again by the time you get home from your "job".


----------



## cybertech (Apr 16, 2002)

Download *SDFix* and save it to your Desktop.

Double click *SDFix.exe* and choose *Install* to extract it to its own folder on the Desktop. Please then reboot your computer in *Safe Mode* by doing the following :
Restart your computer 
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; 
Instead of Windows loading as normal, a menu with options should appear; 
Select the first option, to run Windows in Safe Mode, then press "Enter". 
Choose your usual account. 

 In Safe Mode, right click the SDFix.zip folder and choose *Extract All*, 
 Open the extracted folder and double click *RunThis.bat* to start the script. 
 Type *Y* to begin the script. 
 It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. 
 Press any Key and it will restart the PC. 
 Your system will take longer than normal to restart as the fixtool will be running and removing files. 
 When the desktop loads the Fixtool will complete the removal and display *Finished*, then press any key to end the script and load your desktop icons. 
 Finally open the SDFix folder on your desktop and copy and paste the contents of the results file *Report.txt* back onto the forum with a new HijackThis log


----------



## GeeQ (Mar 30, 2007)

ok here goes. report first, log second

btw... only REAL difference I noticed visually was Windows Security Alerts now pops up in the system tray

SDFix: Version 1.75

Run by GeeQ - Fri 03/30/2007 - 18:57:11.40

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\GeeQ\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
new_drv

ImagePath:
\??\C:\WINDOWS\new_drv.sys

new_drv Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\AMKN4KAN\RUNNED~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\AMKN4KAN\RUNNED~2.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\C8IKCAOU\ALIVE_~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\C8IKCAOU\RUNNED~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\C8IKCAOU\RUNNED~2.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\KMRHURK8\RUNNED~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\KMRHURK8\RUNNED~2.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\KMRHURK8\RUNNED~3.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WGLTBXQI\RUNNED~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WGLTBXQI\RUNNED~2.HTM - Deleted
C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\056Z8TYN\LOADER~1.HTM - Deleted
C:\WINDOWS\TEMP\1DE.TMP - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\WGLTBXQI\KSD_1_~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\KMRHURK8\TASK_1~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\C8IKCAOU\CRLDR_~1.EXE - Deleted
C:\WINDOWS\temp\2.dllb - Deleted
C:\WINDOWS\temp\5.dllb - Deleted
C:\WINDOWS\temp\6.dllb - Deleted
C:\WINDOWS\temp\7.dllb - Deleted
C:\WINDOWS\temp\1F2.tmp.exe - Deleted
C:\WINDOWS\temp\1F4.tmp.exe - Deleted
C:\WINDOWS\Temp\1F2.tmp.exe - Deleted
C:\WINDOWS\Temp\1F4.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\7.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp178.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp17E.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp17F.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp1AF.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp1B1.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp1B2.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp2AE.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp2B2.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp2C4.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmp50.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmpD4.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmpD5.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\tmpD6.tmp.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\_check32.bat - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\_tdF.tmp - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\abc123.pid - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\hd6.tmp - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\svchost.exe - Deleted
C:\DOCUME~1\GeeQ\LOCALS~1\Temp\temp.exe - Deleted
C:\uniq - Deleted
C:\WINDOWS\9129837.exe - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system\regserv.dll - Deleted
C:\WINDOWS\system\regserv.exe - Deleted
C:\WINDOWS\system\svchctrl.dll - Deleted
C:\WINDOWS\system\svchctrl.exe - Deleted
C:\WINDOWS\system\svchostw.dll - Deleted
C:\WINDOWS\system32\adirss.exe - Deleted
C:\WINDOWS\system32\bin29a.log - Deleted
C:\WINDOWS\system32\comdlg77.dll - Deleted
C:\WINDOWS\system32\dd.exe - Deleted
C:\WINDOWS\system32\explorer.exe - Deleted
C:\WINDOWS\system32\koos.exe - Deleted
C:\WINDOWS\system32\kprof - Deleted
C:\WINDOWS\system32\lnwin.exe - Deleted
C:\WINDOWS\system32\lzx32.sys - Deleted
C:\WINDOWS\system32\poof - Deleted
C:\WINDOWS\system32\qwertybot.exe - Deleted
C:\WINDOWS\system32\sm.exe - Deleted
C:\WINDOWS\system32\svchosts.exe - Deleted
C:\WINDOWS\system32\unsvchosts.exe - Deleted
C:\WINDOWS\system32\vexga5me3.exe - Deleted
C:\WINDOWS\system32\winclean.exe - Deleted
C:\WINDOWS\system32\zlbw.dll - Deleted
C:\WINDOWS\Temp\$_2341234.TMP - Deleted
C:\WINDOWS\Temp\_td13.tmp - Deleted
C:\WINDOWS\Temp\_td14.tmp - Deleted
C:\WINDOWS\Temp\2.dllb - Deleted
C:\WINDOWS\Temp\5.dllb - Deleted
C:\WINDOWS\Temp\6.dllb - Deleted
C:\WINDOWS\Temp\7.dllb - Deleted
C:\WINDOWS\Temp\kaw - Deleted
C:\WINDOWS\Temp\iexplore.exe - Deleted
C:\WINDOWS\ws386.ini - Deleted

ADS Check:

C:\WINDOWS\system32
:lzx32.sys 73602
Total size: 73602 bytes.

Removing ADS...

system32: deleted 73602 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"Z:\\LimeWire\\LimeWire.exe"="Z:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\ijji\\ENGLISH\\gunster.exe"="C:\\ijji\\ENGLISH\\gunster.exe:*:Enabled:Gunster"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1141614535\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1141614535\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1141614535\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1141614535\\ee\\aim6.exe:*:Enabled:AIM"
"Z:\\program files\\LimeWire\\LimeWire.exe"="Z:\\program files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\GeeQ\Desktop\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINDOWS\MustRead\MustRead.exe
C:\WINDOWS\temp\update2.exe
C:\WINDOWS\system32\EDD976732A.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\GeeQ\Application Data\Microsoft\Templates\~WRL0005.tmp
C:\Documents and Settings\GeeQ\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\GeeQ\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\GeeQ\Application Data\Microsoft\Word\~WRL3439.tmp
C:\Documents and Settings\GeeQ\Application Data\Microsoft\Word\~WRL3497.tmp
C:\Documents and Settings\GeeQ\Application Data\Microsoft\Word\~WRL4039.tmp
C:\Documents and Settings\GeeQ\Local Settings\Temp\~WRL2455.tmp
C:\Documents and Settings\GeeQ\My Documents\~WRL0645.tmp

Finished

Now the new hijack

Logfile of HijackThis v1.99.1
Scan saved at 7:03:28 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
z:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\dllhost.exe
z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
Z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\NOTEDAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Documents and Settings\GeeQ\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp50.tmp.dll (file missing)
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141614535\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\pmkhgf.dll",setvm
O4 - HKLM\..\Run: [avast!] z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = Z:\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
O20 - Winlogon Notify: mscMMC - C:\WINDOWS\SYSTEM32\mscMMC.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TVersityMediaServer - Unknown owner - Z:\Program Files\TVersity\Media Server\MediaServer.exe



Oh, and I refer to my 'job' as a 'job' because I supposedly work in technical support... yeah right.


----------



## Mindgrinder (Mar 23, 2007)

Yeah, I am talking about WAN miniports only.


----------



## Rich-M (May 3, 2006)

A word of caution here... Spybot in particular has a tendency to find and remove a lot, but it's how it does that that can make a worse problem than you already have. More than once recently I cleaned a few systems, which took hours, only to reboot and not be able to boot up, with Spybot. My suggestion is to download SuperAntiSpyware, which I am finding much better with today's problems and gentler in removal of issues. I have yet to trash a system using this, and you can download it pretty up to date on another PC and install it on the infected one.
www.superantispyware.com


----------



## Bob Cerelli (Nov 3, 2002)

And yet you bragged so much in the past about how that single program kept you from having any spyware at all. I would think that if it had any such tendencies, more people would have reported it. Certainly nothing I have ever experienced. Maybe it is just in how it is being used.

--

Now another option may be to try another network card.


----------



## GeeQ (Mar 30, 2007)

Can someone maybe give me the steps to uninstall and then reinstall the PCI card that I have? Like, to the point that my comp thinks it's brand new.


----------



## GeeQ (Mar 30, 2007)

What's the difference between a Microsoft(R) PCI Adapter MN-130 and a Microsoft(R) PCI Adapter MN-130 - Packet Scheduler Miniport?

What is a Packet Scheduler Miniport?


----------



## Bob Cerelli (Nov 3, 2002)

Having had LimeWire.exe installed, you might want to run quite a few scans. 

Also, what happens if you boot to safe mode with networking support?

And at this point, what exactly were the steps that led you to believe that a virus killed your network adapter? For example, what virus?

--

To uninstall the network adapter you can delete it from the Device Manager.


----------



## GeeQ (Mar 30, 2007)

I've run scan after scan, and now they are all coming up with no hits. In fact, I'm re-running Ad-Aware as I type this.

Safe mode with networking still doesn't allow for any connection to a network, or even a direct connection to the internet.

On Wed, I was checking my Gmail and went off to play a Flash point-and-click game. While I was clicking away, a popup balloon came from my system tray and... well, it was right where I was clicking. My computer immediately shut off and restarted on its own. When it restarted there was some random error stating the computer would be shut off in 60 seconds. After it restarted around 15 times, I was finally fast enough to access my restore point from 3 nights prior. However, when I booted it up at that point, I had no internet access. (Two little red monitors in the system tray.)

Intermittently, when I attempt to access the Broadband utility, I'll get:

Microsoft Visual C++ Runtime Library X

Runtime Error!

Program: ...rogram Files\Microsoft Broadband Networking\MSBNUtil.exe

This Application has requested the Runtime to terminate in an unusual way. Please contact the application's support team for more information.

Beyond this, when I do get it up, as stated previously, the IP and gateway addresses are 0.0.0.0, whereas when my internet is just down, the IP and gateway addresses hold their normal states.

When I attempt to access Network Connections, the window doesn't populate any connections. I should have MSHOME and Local Area Connection 2 on there, showing up as disconnected. If I try to make a new connection, it allows me to go through the process, stating my connection should already be configured.

And finally, when I go into Device Manager, all my hardware devices listed under Network adapters have yellow exclamation points and come back with:

Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)


And here's something new... as in it just happened when I opened Device Manager again...

My DVD/CD-ROM drives hardware list is now giving me the same yellow exclamation and error code. It's like something's attacking my drivers directly. But nothing's showing up on the scans.


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp50.tmp.dll (file missing)
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\pmkhgf.dll",setvm
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
O20 - Winlogon Notify: mscMMC - C:\WINDOWS\SYSTEM32\mscMMC.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)

*Close all applications and browser windows before you click "fix checked".*

*Click Here* and download Killbox and save it to your desktop.

Double-click on Killbox.exe to run it. 
Put a tick by *Delete on Reboot*. 
Copy the following list of files to clipboard, CTRL+C to copy

*C:\WINDOWS\MustRead
C:\WINDOWS\temp\update2.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\pmkhgf.dll
C:\WINDOWS\system32\mscMMC.dll
c:\windows\system32\jkhhebb.dll
c:\windows\system32\senssrv.dll*

Now in Killbox go to File, Paste from clipboard.
Click the *All Files* button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file. 
Click Yes. 
It will ask if you want to reboot now,
Click Yes.

*Note:* It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually. 
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*
 
Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All* 
Click the *Empty Selected* button. 
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt. 
If you use Opera browser
Click *Opera* at the top and choose: *Select All* 
Click the *Empty Selected* button. 
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt. 
Click *Exit* on the Main menu to close the program. 
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

*Download and install AVG Anti-Spyware 7.5. AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP.* 
(_This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version, which has a special "clean driver" for removing persistent malware._) 
1. After download, double click on the file to launch the install process. 
2. Choose a language, click "*OK*" and then click "*Next*". 
3. Read the "_License Agreement_" and click "*I Agree*". 
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "*Next*", then click "*Install*". 
5. After setup completes, click "*Finish*" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray. 
6. The main "*Status*" menu will appear. Select "_Change state_" to inactivate '*Resident Shield*' and '*Automatic Updates*'. 
7. Then right click on AVG Anti-Spyware in the system tray and *uncheck* "*Start with Windows*". 
8. Go to Start > Run and type: *services.msc*
Press *"OK"*. 
Click the "*Extended tab*" and scroll down the list to find *AVG Anti-Spyware guard*. 
When you find the guard service, double-click on it. 
In the Properties Window > General Tab that opens, click the "*Stop*" button. 
From the drop-down menu next to "Startup Type", click on "*Manual*". 
Now click "*Apply*", then "*OK*" and close the Services window.
9. Select the "*Update*" button and click "*Start update*". Wait until you see the "_Update successful_" message. If you are having problems with the updater, manually update with the *AVG Anti-Spyware Full database installer* from *here*. Exit AVG Anti-Spyware when done - *DO NOT perform a scan yet*.

*Reboot your computer in* "*SAFE MODE*" using the *F8* method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

*Scan with AVG Anti-Spyware as follows*: 
1. Launch AVG Anti-Spyware, click on the "*Scanner*" button and choose the "*Settings*" tab. 

Under "*How to act?*", click on "*Recommended actions*" and choose "*Quarantine*" to set default action for detected malware. 
Under "*How to Scan?*" check all (default). 
Under "*Possibly unwanted software*" check all (default). 
Under "*What to Scan?*" make sure "*Scan every file*" is selected (default). 
Under "*Reports*" select "*Automatically generate report after every scan*" and UNcheck "*Only if threats were found*".
2. Click the "*Scan*" tab to return to scanning options. 
3. Click "*Complete System Scan*" to start. 
4. When the scan has finished you will be presented with a list of infected objects found. Click "*Apply all actions*" to place the files in Quarantine.

*IMPORTANT!* Do not save the report before you have clicked the *Apply all actions* button. If you do, the log that is created will indicate "*No action taken*", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "*Save Report*" to view all completed scans. Click on the most recent scan you just performed and select "*Save report as*" - the default file name will be in date/time format as follows: *Report-Scan-20060620-142816.txt*. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\ 
6. Exit AVG Anti-Spyware when done, reboot normally and submit the *AVG Anti-Spyware* report in your next reply, along with a *new HijackThis log*.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this: 
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.


----------



## GeeQ (Mar 30, 2007)

On the last part right now doing the scan in safemode. Received an error on the HJT though:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

And that file looks like it's still there.

Will post scan and HJT logs when scan completes


----------



## cybertech (Apr 16, 2002)

Download *WinPFind3U.exe* to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program.
In the *Files Created Within* group click *30 days*
In the *Files Modified Within* group select *30 days*
In the *File String Search* group select *Non-Microsoft*

Now click the *Run Scan* button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the resulting log here.


----------



## GeeQ (Mar 30, 2007)

*OK here goes*

*AVG:*

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	9:05:28 AM 3/31/2007

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{C28EB22A-6966-4E4B-8592-E84C28D38402} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{B1C54189-72F0-4353-987B-18FA221BEF09} -> Adware.Generic : Cleaned with backup (quarantined).
Z:\fpm10U5.exe -> Adware.MediaTicket : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FE6C16C4-16AD-47B6-B250-26AD1829E49A} -> Adware.TrustCleaner : Cleaned with backup (quarantined).
C:\Documents and Settings\GeeQ\Desktop\SDFix\backups\backups.zip/backups/regserv.exe -> Backdoor.ShBot.d : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A9B231EC-267D-4D7B-9D2E-9EA2E12EC7EF}\RP514\A0096635.exe -> Backdoor.ShBot.d : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A9B231EC-267D-4D7B-9D2E-9EA2E12EC7EF}\RP514\A0096675.exe -> Backdoor.ShBot.d : Cleaned with backup (quarantined).
Z:\AnyDVD\Cracked\AnyDVD 6.0.x.x Patch.exe -> Downloader.Delf.aup : Cleaned with backup (quarantined).
Z:\desktop\Cracked\AnyDVD 6.0.x.x Patch.exe -> Downloader.Delf.aup : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A9B231EC-267D-4D7B-9D2E-9EA2E12EC7EF}\RP505\A0094893.dll -> Downloader.Small.ddp : Cleaned with backup (quarantined).

::Report end

*And now HijackThis*

Logfile of HijackThis v1.99.1
Scan saved at 9:07:56 AM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
z:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ehome\RMSvc.exe
z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
Z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Documents and Settings\GeeQ\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141614535\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = Z:\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
O20 - Winlogon Notify: mscMMC - mscMMC.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TVersityMediaServer - Unknown owner - Z:\Program Files\TVersity\Media Server\MediaServer.exe

*I have to go off to my 'job' again. Same schedule as yesterday, but whatever steps you have for me to take next, just post 'em on here and I'll get right to work on them when I get home. I'm also off all day tomorrow, so we can really bust this out.*

*THANKS AGAIN, you guys really give me confidence that I'm not totally screwed.*


----------



## GeeQ (Mar 30, 2007)

Gonna throw that up before I leave for work, cybertech... it's scanning right now.

EDIT: Just to be sure, processes is set as Non-Microsoft
Win32 is set at Non-Microsoft
Driver is set at none
and Registry is set at non-microsoft

Also, in both Files/Folders Modified/Created Within, there is a Non-Microsoft Only option which is checked off by default. 

I don't think I'm going to be able to wait for the scan to finish; I'm going to be late for work. But I'll rerun it the second I get home with all the settings as you tell me to put them.


----------



## cybertech (Apr 16, 2002)

Settings are fine. I'll wait for the scan results...


----------



## GeeQ (Mar 30, 2007)

Scan is going through as I type this... Got stuck late at work, and then had to go to dinner with a cousin who is visiting. Feel free to take your time on this; you probably won't look at it till morning anyway, but I'll be home most of the day tomorrow.


----------



## GeeQ (Mar 30, 2007)

Looks like that scan won't work on my comp. It freezes at the very beginning on "Scanning Winlogon settings..."


----------



## Frank4d (Sep 10, 2006)

> O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll


An entry you were asked to fix in #31 is still there in #34. I would find this dll and right click it, then Properties, then Version tab. See if it looks like anything related to software on your PC (because when you do a web search on a filename and get no results with any search engine, that's generally not a good thing).
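As an added example (not from this thread, and not part of HijackThis), the following Python script does the cross-check Frank4d did by eye and that cybertech's "fix checked" list calls for: it parses HijackThis entry lines and reports which entries on the fix list are unchanged, changed (same CLSID or name field, different target) or gone in the later log. The embedded log lines are copied from the logs posted above; the line-format rules are my own reading of HijackThis 1.99.1 output and are an assumption.

```python
"""Re-check a HijackThis 'fix checked' list against a later HijackThis log.

Added example, not part of the thread or of HijackThis itself. The log lines
below are copied from the logs posted in this thread; the parsing rules are an
assumption about the HijackThis 1.99.1 line format: '<code> - <body>', where
the body holds '<name> - <CLSID> - <path>' for BHO/toolbar-style entries and
'<key>: [<value name>] <command>' for O4 autorun entries.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass(frozen=True)
class HjtEntry:
    code: str    # section code such as "O4" or "O20"
    body: str    # text after the code, exactly as logged
    strong: str  # whole body, case- and whitespace-normalised
    weak: str    # code + CLSID if present, else code + leading name field


def parse_line(line: str):
    """Return an HjtEntry for an HJT entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    strong = " ".join(body.lower().split())
    guid = GUID_RE.search(body)
    ident = guid.group(0).lower() if guid else body.split(" - ", 1)[0].lower()
    return HjtEntry(code, body, strong, f"{code}:{ident}")


def parse_log(text: str) -> list:
    """Parse every entry line in a log; headers and process paths are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def recheck(fix_list: str, later_log: str) -> dict:
    """Classify each fix-list entry against the later log.

    'unchanged': the identical line is still logged.
    'changed':   same CLSID (or same name field) but a different target,
                 e.g. the file is now reported as '(file missing)'.
    'gone':      no longer logged at all.
    """
    later = parse_log(later_log)
    strong = {e.strong for e in later}
    weak = {e.weak for e in later}
    result = {"unchanged": [], "changed": [], "gone": []}
    for e in parse_log(fix_list):
        if e.strong in strong:
            result["unchanged"].append(e.body)
        elif e.weak in weak:
            result["changed"].append(e.body)
        else:
            result["gone"].append(e.body)
    return result


# Copied from cybertech's fix list (post of 3/30) in this thread.
FIX_LIST = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp50.tmp.dll (file missing)
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\pmkhgf.dll",setvm
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
O20 - Winlogon Notify: mscMMC - C:\WINDOWS\SYSTEM32\mscMMC.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
"""

# Excerpt of the 3/31 HijackThis log posted above (non-entry lines included
# to show they are ignored).
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:07:56 AM, on 3/31/2007

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll (file missing)
O4 - HKLM\..\Run: [avast!] z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
O20 - Winlogon Notify: mscMMC - mscMMC.dll (file missing)
"""

if __name__ == "__main__":
    for status, entries in recheck(FIX_LIST, LATER_LOG).items():
        print(f"{status} ({len(entries)}):")
        for body in entries:
            print("   ", body)
```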


----------



## cybertech (Apr 16, 2002)

Please download *VundoFix.exe* to your desktop.
Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click *OK*.
Turn your computer back on.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. 
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


----------



## GeeQ (Mar 30, 2007)

OK I'm up.. and the Vundo is done, here's the requested files. I'll be sitting right here all day waiting to do whatever you need me to do.

VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 7:33:28 AM 4/1/2007

Listing files found while scanning....

C:\WINDOWS\system32\tmp1B1.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tmp1B1.tmp.dll
C:\WINDOWS\system32\tmp1B1.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 7:40:28 AM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
z:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
Z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\NOTEDAD.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\GeeQ\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141614535\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = Z:\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - Winlogon Notify: mscMMC - mscMMC.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TVersityMediaServer - Unknown owner - Z:\Program Files\TVersity\Media Server\MediaServer.exe


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll (file missing)
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O20 - Winlogon Notify: mscMMC - mscMMC.dll (file missing)

*Close all applications and browser windows before you click "fix checked".*

Double-click on Killbox.exe to run it. 
Put a tick by *Delete on Reboot*. 
Copy the following list of files to clipboard, CTRL+C to copy

*C:\WINDOWS\system32\IExplorer.dll*

Now in Killbox go to File, Paste from clipboard.
Click the *All Files* button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes. 
It will ask if you want to reboot now,
Click Yes.

*Note:* It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually. 
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" then just restart manually.

After the reboot post your hijackthis log.
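The review cybertech and Frank4d do by hand on these logs (a BHO or Winlogon Notify hook whose DLL is "(file missing)", Run values that launch a DLL rather than a program, and an AppInit_DLLs entry) can be turned into a filter. This is an added example, not part of the thread or of HijackThis itself; the sample lines are copied from the logs posted above, and the heuristics are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis v1.99.1 lines copied from the logs posted in
# this thread, plus a few benign neighbours so the filter has something to
# leave alone. Paths come from the posted logs, not from a live system.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {745d0965-7822-4aa2-bfb2-6aa3c6d0728f} - C:\WINDOWS\system32\mscMMC.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Global Startup: Microsoft Office.lnk = Z:\Office\OSA9.EXE
O20 - AppInit_DLLs: c:\windows\system32\jkhhebb.dll
O20 - Winlogon Notify: mscMMC - mscMMC.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# "O4 - HKLM\..\Run: [Name] command" -> section code plus the rest of the line
HJT_ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# Registry-backed O4 bodies look like "<key>: [<value name>] <command>";
# Global Startup shortcut lines have no [name] and fall through unparsed.
O4_RUN_VALUE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Sections where "(file missing)" means a load point still references a DLL
# that is gone: the entry should go so it cannot be re-armed if the file returns.
ORPHAN_HOOK_SECTIONS = {"O2", "O20", "O21"}


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    line: str


def launched_image(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, otherwise the
    first whitespace-delimited word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log_text: str) -> list[Finding]:
    """Apply the thread's review heuristics to every HJT entry line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if not m:
            continue  # headers, blank lines, "Running processes" paths
        code, body = m.group("code"), m.group("body")

        if code in ORPHAN_HOOK_SECTIONS and body.endswith("(file missing)"):
            findings.append(Finding(code, "load point references a DLL that no longer exists", raw))

        if code == "O4":
            run = O4_RUN_VALUE.match(body)
            if run:
                image = launched_image(run.group("cmd"))
                if image.lower().endswith(".dll"):
                    findings.append(Finding(code, "Run value names a DLL instead of an executable", raw))
                if "RunServices" in run.group("key"):
                    findings.append(Finding(code, "RunServices is a Windows 9x-era key; XP does not process it", raw))

        if code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(code, "AppInit_DLLs loads into every process that links user32.dll; check the DLL's version info", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

The O23 avast line also carries "(file missing)" but is left alone: that is a quoting artifact of how HJT shows a service path with arguments, which is why the orphan check is limited to hook sections.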


----------



## GeeQ (Mar 30, 2007)

I did get the "PendingFileRenameOperations Registry Data has been Removed by External Process!" error, but everything else seemed to go right. Here's HJT

Logfile of HijackThis v1.99.1
Scan saved at 7:58:14 AM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
z:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ehome\RMSvc.exe
Z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\system32\dllhost.exe
z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\GeeQ\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141614535\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] z:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = Z:\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - z:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - z:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TVersityMediaServer - Unknown owner - Z:\Program Files\TVersity\Media Server\MediaServer.exe


----------



## GeeQ (Mar 30, 2007)

Just as a side thought... My PC has these specs...

ASUS A8N5X Socket 939 NVIDIA nForce4 ATX AMD Motherboard 

ASUS Black ATAPI DVD-ROM Drive Model DVD-E616AG 

2x Seagate Barracuda 7200.9 SATA NCQ 3Gb/s ST3160812AS 160GB 7200 RPM SATA 3.0Gb/s Hard Drive 

2x CORSAIR ValueSelect 2GB (2 x 1GB) 184-Pin DDR SDRAM DDR 400 (PC 3200) Unbuffered System Memory Model VS2GBKIT400C3 

Antec NeoHE 500 ATX12V 500W Power Supply 

AMD Athlon 64 X2 4200+ Manchester 1GHz FSB Socket 939 Dual Core Processor Model ADA4200BVBOX 

MSI RX1800XT-VT2D512E Radeon X1800XT 512MB GDDR3 PCI Express x16 Video Card 

PROLINK PV-TV304P+FMRC PCI Interface TV/FM Tuner Card 

Plus throw in a DVD writing drive. 

Would Vista work? And how hard would it be to completely wipe everything off my hard drives and start from scratch? I figure using a Vista upgrade isn't going to fix the driver issues, but if I got a full version Vista with 2 blank hard drives, I could technically just reload the BIOS with the new OS, etc... and not have to worry about anything malfunctioning.

I tend to use my PC for browsing the net (gmail, kotaku, gamespot, joystiq, engadget, fark... etc.), randomly doing art projects on Paintshop, Photoshop, and Flash, other random multimedia, listening to music, streaming music to my 360, and... well that's really about it. Oh and typing the odd paper. Or watching a DVD. Would you all recommend anything along these lines? Could you tell me HOW to do it?

I'd still like to get this fixed... Even if I were to order a full version of Vista it would take 2 weeks to get here (Hawaii), but I dunno if I should bother.


----------



## Bob Cerelli (Nov 3, 2002)

Have you just tried another network card yet? Probably less expensive, time consuming and risky than Vista.


----------



## GeeQ (Mar 30, 2007)

Yes, I had thrown one on, and the drivers corrupted on that as well.


----------



## cybertech (Apr 16, 2002)

Not all programs are Vista ready yet so aside from the hardware you need to examine your software as well. Some may say they are not compatible yet and you may later find out they have no intentions of making the current compatible. I've found that to be true with sound cards.


----------



## Bob Cerelli (Nov 3, 2002)

GeeQ said:


> Yes I had thrown one on, and the drivers corrupted on that as well


That's good to finally know. Then since two different network cards had the same problem, there wasn't much point in trying to uninstall the first one.

What were the exact steps taken to install the different network card?

Also, since it is now creeping into four pages, I don't recall if you have done a repair install?


----------



## GeeQ (Mar 30, 2007)

Where would I look to be sure my software is compatible? And exactly what software would I be looking at? I'm sure Vista has its own version of WMP. It'll have 360 connectivity, and should be the only platform you can play Windows Live games on, like Halo 2 and Shadowrun. Would I be able to find out if my soundcard has Vista drivers? If it comes to it and all I need is a new soundcard I can pick up for 100 bucks, at this point I might just do it. It's just crazy that I spent as much as I did on this PC and now it's just kinda worthless.


----------



## Bob Cerelli (Nov 3, 2002)

So why not just reload XP from scratch then if you want take the chance and expense to load Vista?


----------



## GeeQ (Mar 30, 2007)

Bob, would it matter that it was the same TYPE of card? It was another MN-130 which I installed into a different slot.

I followed the installation procedure exactly as it stated on the Autorun CD that came with it, including not installing the card physically until after the software was run through. Of course, at this point upon restart the drivers had already failed.

Also not sure what you mean by repair install.

My sn might read GeeQ... but it's pronounced NooB


----------



## GeeQ (Mar 30, 2007)

lol, I wouldn't know how. I'm sure I havta run through first and put everything I want to save on CDs.. which I now havta do through PSP onto my laptop, as my CD/DVD drives are also driverless at this point. Then at that point, how do I wipe the drives so I can start over?


----------



## Bob Cerelli (Nov 3, 2002)

GeeQ said:


> Bob would it matter that it was the same TYPE of card? it was another MN-130 which I installed into a different slot


Yes it would and that's exactly why I suggested trying a different card twice.

If you use the same card, it is using the same possibly corrupted drivers.


----------



## GeeQ (Mar 30, 2007)

Went out to Comp USA, grabbed another PCI adapter... gonna install now


----------



## Bob Cerelli (Nov 3, 2002)

If it works, great.
If not, you can always return it. 
But at least it is something to try.
And you can find out if you are continuing to be infected with something that may be corrupting even new drivers. Or if the old ones, for whatever reason, got corrupted, and can't be removed and then reinstalled easily.


----------



## GeeQ (Mar 30, 2007)

No luck. Windows XP auto configures any added hardware, and it's supplying its own corrupted driver, and not accepting the real one from the install.


----------



## Bob Cerelli (Nov 3, 2002)

Still yellow ! marks?
No option to update the new driver through the device manager and point to the CD for the location?

If that doesn't work maybe the next steps are the reinstall or repair install as previously suggested?

At least those are next steps before a totally clean install.


----------



## GeeQ (Mar 30, 2007)

Even pointing to the install driver I get the same '...driver may be corrupted or missing.' error.

How would I do the reinstall/repair install? If this doesn't work, I'm really thinking about going and grabbin' Vista and wipin'... Comp USA has the full edition of Home Premium for 189.99


----------



## Bob Cerelli (Nov 3, 2002)

Given the uncertainty about Vista and your computer, if you are considering wiping the hard drive anyway, then just install XP from scratch, formatting the hard drive in the process.

But if you want to try a reinstall see:
http://www.onecomputerguy.com/windowsxp_tips.htm#reinstall

If you want to try a repair install (likely the best chance of the two) see:
http://www.onecomputerguy.com/windowsxp_tips.htm#repair


----------



## GeeQ (Mar 30, 2007)

now to find my xp cd
lol


----------



## GeeQ (Mar 30, 2007)

Just as a side thought. This comp replaced one that... well, I was just bored of. That had a 120 GB or so HDD.. what would I need to turn that into an external HDD?


----------



## Bob Cerelli (Nov 3, 2002)

"what would i need to turn that into an external hdd?"

Turn which into an external drive?

Basically for either one, get the appropriate USB case and put the drive in.


----------



## GeeQ (Mar 30, 2007)

Oh.. yeah, I was talking about the old comp's HDD. So I can use it for file backup. BTW... when a comp gets a virus, will the external connected HDD also get infected? And if so, will it pass it on to a reformatted/other computer if connected to that later?


----------



## Bob Cerelli (Nov 3, 2002)

Good idea.

If the virus has been removed, and just the damaged OS files remain, then likely copying the data files is relatively safe.

And if you have anti-virus software running now which scans files as they are being read and written, should there be an attempt to copy any infected files, they should be stopped.

This is somewhat the difference between cleaning a virus vs. the damage they cause to files. You can remove the virus but still have damage or corrupted files left over from the virus.


----------



## GeeQ (Mar 30, 2007)

And no real way to fix the damage other than reinstalling, right? Well, off to Comp USA again... gonna get a cable or enclosure.. whichever is cheaper.

I might just buy Vista while I'm there. There's a 30 day refund if I don't open the thing, and they close at 5... so if worse comes to worst, I have it, and if I don't need it I just return it unopened.


----------



## Bob Cerelli (Nov 3, 2002)

One thing you can use that external drive for, once you get the OS installed, with all the drivers, updated, software installed, and configured just how you want, you can use a program like Acronis True Image to image it to that backup drive. Then should the OS have problems, you can at least restore it in a matter of minutes.

You can also create two partitions before you install Vista. One can be for the OS and Programs. The other for Data. Then if you need to restore the OS you can do it without overwriting the data.

Then that second partition can be backed up to the external drive.


----------



## GeeQ (Mar 30, 2007)

So... my internal drive totals at around 320 GB. If I were to repartition that drive, what would you recommend I do the breakdown as? 

The external HDD would be 120GB. 

I've run into problems now and again with my C: partition being too small and running out of space on a large download (like a game or movie) 

I am... rather disorganized and I'd really just like to start over and reorganize everything how it should be.

What's a good program for hard drive wiping purposes? One that will also work on the external. I want to be able to temporarily back up what I have, put it back on the comp, wipe the external, and start with a clean external HDD.

Also, is it true Nero 7 doesn't work with Vista?


----------



## Bob Cerelli (Nov 3, 2002)

Figure out what you want to put on the C: partition, how much space those items are taking up now, and then add more space for any growth.


----------



## GeeQ (Mar 30, 2007)

I got what I needed for the external, and it runs fine connected to my laptop. I'm gonna sneak attack my PC with it... so I haven't hooked that up yet.

Anyway... because it's from my old PC, it has my old PC's info on it. How do I go about clearing that out for blankness before I start the file backup process?


----------



## GeeQ (Mar 30, 2007)

Ok Vista is... INSTALLED... and other than the sound issue I've heard so much about, everything looks fine.

Now, before I start getting back into the regular swing of things. What antivirus software progs are compatible... that I should use on this thing?


----------



## Bob Cerelli (Nov 3, 2002)

AVG is compatible.

You can simply format your backup drive if there is nothing on there you need.

Then again, once you get Vista working the way you want, make an image of it.


----------



## GeeQ (Mar 30, 2007)

Thanks a ton Bob, and Cybertech too. It's a shame I couldn't get it working as it was. I guess this time I'll be sure to keep my software in a better place. Vista is a beauty though.


----------



## Bob Cerelli (Nov 3, 2002)

You are welcome and it was good sticking with you on this one.

Now that you have things the way you want, again make an image of the computer to that external drive. Sure is a lot easier to recover that way.


----------

