virus/trojan taskbar and start menu not fully working

**nycste** · September 12, 2007

Logfile of Spyware Terminator v2.0.0.194 (db:1.0.924.684)

Scan Time: 9/12/2007 12:37:57 AM length: 2540 s

Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)

User: Admin

Boot Mode: Normal

Scan type: Full_Spyware_Scan

Scanned Objects: 160910 (Critical:0)

Filter: No System items, No Safe items, No Invalid items

Running Processes

:

nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe

pidgin.exe [The Pidgin developer community] : C:\Program Files\Pidgin\pidgin.exe

ConvertXtoDvd.exe [VSO Software SARL] : C:\Program Files\vso\ConvertXtoDVD\ConvertXtoDvd.exe

SpybotSD.exe [safer Networking Limited] : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Internet Settings

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO

02 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - [Orbitdownloader.com] : C:\Program Files\Orbitdownloader\orbitcth.dll

StartUps

04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\UDBDEF.EXE

Shell Extensions

7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - [igor Pavlov] : C:\Program Files\7-Zip\7-zip.dll

AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll

Microsoft Office Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL

Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL

- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll

UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Program Files\Unlocker\UnlockerCOM.dll

Desktop Manager - {709C6E11-538F-4759-86AC-6ACB302AA0DE} - : C:\WINDOWS\system32\msvdm.dll

Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} - [Avira GmbH] : C:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll

Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

AVG7 Shell Extension Class - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

AVG7 Find Extension Class - {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

Protocol Filters

- {807553E5-5146-11D5-A672-00B0D022E945} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

Protocol Handler

Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

IEProtocolHandler Class - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - [skype Technologies] : C:\Program Files\Common Files\Skype\Skype4COM.dll

Winsock 2

[Avira GmbH] : C:\WINDOWS\system32\avsda.dll

Services

23 - : C:\WINDOWS\system32\DRIVERS\a347bus.sys

23 - : C:\WINDOWS\system32\Drivers\a347scsi.sys

23 - : C:\Program Files\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.SYS

23 - [GRISOFT, s.r.o.] : C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

23 - [Elaborate Bytes AG] : C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

23 - : C:\WINDOWS\system32\giveio.sys

23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys

23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\KID_SYS.sys

23 - [Kensington Technology Group] : C:\WINDOWS\system32\drivers\ntxpusb.sys

23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe

23 - : C:\WINDOWS\system32\DRIVERS\OREANS32.SYS

23 - [VSO Software] : C:\WINDOWS\system32\Drivers\pcouffin.sys

23 - [Elaborate Bytes] : C:\WINDOWS\system32\Drivers\RegKill.sys

23 - : C:\Program Files\SUPERANTISPYWARE\SASDIFSV.SYS

23 - : C:\Program Files\SUPERANTISPYWARE\SASKUTIL.SYS

23 - [Windows ® 2000 DDK provider] : C:\WINDOWS\system32\speedfan.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\Teefer.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg3n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg4n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg5n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\wg6n.sys

23 - [sygate Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\WPSDRVNT.SYS

23 - [Marvell] : C:\WINDOWS\system32\DRIVERS\yk51x86.sys

23 - [EnTech Taiwan] : C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

Winlogon Notify

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon, DLLName : [sUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

**nycste** · September 12, 2007

humm program GodZBSY.exe is running for some reason and google shows up nothing

**Tarun** · September 12, 2007

Do all of the scans from the sticky list posted in this thread in Safe Mode. Then boot back into Normal Mode, run HijackThis and post a log.

**nycste** · September 12, 2007

Do all of the scans from the sticky link posted in this thread in Safe Mode. Then boot back into Normal Mode, run HijackThis and post a log.

will do later thanks.

[q]Originally posted by: John

Upload it to virustotal.com to see if it's detected.[/q]

i cant find the file on my computer but it said it was running weird.

and something turned on my system restore even though ive always had it off.

installed a program prevx. and it found 3 issues ill update lata

**nycste** · September 12, 2007

ok this is hijack log after doing some more cleanup on my own. ill run the following Do all of the scans from the sticky list posted in this thread in Safe Mode. Then boot back into Normal Mode, run HijackThis and post a log.

Edit: Removed text taken from the wiki at Lunarsoft.

Edited September 12, 2007 by Tarun
Removed copied wiki text.

**nycste** · September 12, 2007

and here is hijack log 1. before another safemode scan and fix.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:42:13 PM, on 9/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Prevx2\PXAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Documents and Settings\user\Desktop\HiJackThis v.200b.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)

O4 - HKLM\..\Run: [smcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--

End of file - 7372 bytes

**nycste** · September 13, 2007

http://support.microsoft.com/default.aspx?...kb;en-us;555130

Menu bar/Toolbar Missing in Windows Explorer and/or Internet Explorer

View products that this article applies to.

Author: Doug Knox MVP

Community Solutions Content Disclaimer

Article ID : 555130

Last Review : July 28, 2005

Revision : 1.0

SUMMARY

The Menu bar and/or Toolbar may be missing when you open Windows Explorer and/or Internet Explorer.

Back to the top

SYMPTOMS

When you open Windows Explorer or Internet Explorer you may find that your Menu bar and/or Toolbar is missing.

Back to the top

CAUSE

For Windows Explorer and Internet Explorer, this behavior is caused by one or more corrupt values in the Windows Registry

Back to the top

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this problem, edit the registry to remove the corrupt value(s).

Close all open Internet Explorer and Windows Explorer windows. Start the Registry Editor (Click Start, Run and enter REGEDIT.EXE).

Go to the following Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

For Windows Explorer: In the right pane, locate the Explorer sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

For Internet Explorer: In the right pane, locate the WebBrowser sub-key and open it. In the right pane, locate the ITBarLayout value. Right click this value and select Delete.

Quit Registry Editor.

Open the affected program (Windows Explorer or Internet Explorer) and verify that you're Menu bar/Toolbar has been restored. If not, close all open Windows Explorer and Internet Explorer Windows and repeat the above step. Then locate the ShellBrowser sub-key, open it and delete the ITBarLayout value there.

Back to the top

MORE INFORMATION

Notes: Any Toolbar layout customizations will be undone, and the affected Toolbar will be reset to its default configuration. For Windows Explorer, in Windows XP Home Edition, it may be necessary to re-enable the Address bar in Windows Explorer. To do this open Windows Explorer. Then right click a blank area of the Toolbar or Menu bar and select the Address bar item.

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry

**nycste** · September 13, 2007

the file ITBarLayout doesnt exist in my registry. soo problemo.

this is all i got.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

"LinksFolderName"="Links"

"Locked"=dword:00000001

"ShowDiscussionButton"="Yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\

aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,\

aa,00,5b,43,83,10,00,00,00,00,00,00,00,01,e0,32,f4,01,00,00,00

"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,\

aa,00,5b,43,83,22,00,1c,00,08,00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,\

00,00,46,81,00,00,00,10,20,00,00,b6,cb,53,42,c5,dc,c6,01,5c,0f,66,75,69,dc,\

c6,01,5c,0f,66,75,69,dc,c6,01,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,4b,01,14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,\

08,00,2b,30,30,9d,19,00,2f,43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,5c,00,31,00,00,00,00,00,24,37,a4,1e,10,20,44,4f,43,55,4d,\

45,7e,31,00,00,44,00,03,00,04,00,ef,be,34,35,17,55,24,37,a4,1e,14,00,00,00,\

44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,61,00,6e,00,64,\

00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00,18,00,34,00,\

31,00,00,00,00,00,24,37,6f,81,10,20,75,73,65,72,00,00,20,00,03,00,04,00,ef,\

be,34,35,52,77,24,37,6f,81,14,00,00,00,75,00,73,00,65,00,72,00,00,00,14,00,\

56,00,31,00,00,00,00,00,34,35,31,20,11,20,46,41,56,4f,52,49,7e,31,00,00,3e,\

00,03,00,04,00,ef,be,34,35,52,77,34,35,31,20,14,00,28,00,46,00,61,00,76,00,\

6f,00,72,00,69,00,74,00,65,00,73,00,00,00,40,73,68,65,6c,6c,33,32,2e,64,6c,\

6c,2c,2d,31,32,36,39,33,00,18,00,36,00,31,00,00,00,00,00,34,35,31,20,10,20,\

4c,69,6e,6b,73,00,22,00,03,00,04,00,ef,be,34,35,55,77,34,35,31,20,14,00,00,\

00,4c,00,69,00,6e,00,6b,00,73,00,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,\

58,00,00,00,00,00,00,00,6e,65,77,62,69,65,00,00,00,00,00,00,00,00,00,00,8a,\

60,c4,a9,2a,da,fc,43,8a,f7,47,d3,fc,d3,87,e7,e4,9f,91,72,57,48,db,11,9f,4a,\

00,16,e6,80,e2,8d,8a,60,c4,a9,2a,da,fc,43,8a,f7,47,d3,fc,d3,87,e7,e4,9f,91,\

72,57,48,db,11,9f,4a,00,16,e6,80,e2,8d,00,00,00,00

"{F4D76F09-7896-458A-890F-E1F05C46069F}"=hex:09,6f,d7,f4,96,78,8a,45,89,0f,e1,\

f0,5c,46,06,9f

**nycste** · September 13, 2007

current hijack log.

run hijackthis and post the log

for sure brotha

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:47:10 AM, on 9/13/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Prevx2\PXAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Pidgin\pidgin.exe

C:\Program Files\Outlook Express\msimn.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\regedit.exe