Internet Explorer Running in Background, Logfile Included



hwangche
2007-01-06, 12:23
Just recently my computer has been running extremely slow, and when I opened up the task manager I noticed iexplore.exe constantly running in the background. If I end the process it simply starts back up again after a few seconds.

I've run Spybot S&D, Ad-Aware, CWShredder, and some other lesser known utilities...but nothing seems to help this.

Any other suggestions based on my logfile will be greatly appreciated! Thanks in advance for taking the time to read this and any feedback you may give.

Logfile of HijackThis v1.99.1
Scan saved at 18:57:38, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\CMHWAN~1\LOCALS~1\Temp\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CMHWAN~1\LOCALS~1\Temp\Rar$EX01.735\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\msntb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: 3721中文郵 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

pskelley
2007-01-07, 15:23
Welcome to the forum. Understand that while it can be used by malware, iexplore.exe is a valid program that your computer can't work without.
http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/

This looks like your problem:
C:\DOCUME~1\CMHWAN~1\LOCALS~1\Temp\mdm.exe
CastleCops says it may be this:
http://www.castlecops.com/startuplist-7186.html or this
http://www.castlecops.com/startuplist-11442.html
Please scan it first to make sure it is bad, use one or more of these:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

First move HJT out of that Temp folder where it can safely make backups if needed. I prefer it here: C:\HJT\HijackThis.exe. If you need more information use this:
http://russelltexas.com/malware/createhjtfolder.htm

Download ATF-Cleaner: http://forums.security-central.us/showthread.php?t=1925
Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now navigate to that TEMP folder here:
C:\DOCUMENTS & SETTINGS~1\CMHWAN~1\LOCALS~1\Temp\mdm.exe <<< make sure that Temp folder in red is empty. If that item remained (mdm.exe) then boot to safe mode and delete it.

Once this is done, you have AVG Anti-Spyware onboard, follow the instructions in this link:
http://forums.security-central.us/showthread.php?t=3165
Make sure you get the newest updates first, then scan. Delete or at least quarantine anything that is found. Save that scan report. Post it along with a new HJT log and your comments. Did that take care of your problem?

Thanks
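The check pskelley makes above (a familiar file name such as mdm.exe is only reassuring when it runs from the directory it belongs in, and a second copy under Temp is the one to chase) can be done mechanically over the "Running processes" section of an HJT log. The script below is an added example, not code from the thread or from HijackThis. The sample log is a shortened, constructed copy of the first log posted above; EXPECTED_DIRS and SCRATCH_MARKERS are assumed baselines built from the paths in that log, not a vetted list, and on a real case they would come from a known-clean machine.

```python
"""Audit the "Running processes" section of a HijackThis log.

Added example for this thread, not code from the thread or HijackThis.
Three signals are raised per process: a known binary name running
from a directory other than its expected one, anything running from a
temp/scratch directory, and the same file name running from more than
one directory (which is exactly the mdm.exe situation in the log).
"""
import ntpath

# Constructed sample: a shortened copy of the first HJT log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\CMHWAN~1\LOCALS~1\Temp\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CMHWAN~1\LOCALS~1\Temp\Rar$EX01.735\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
"""

# Assumed baseline (not from the thread): the directory each binary is
# expected to run from, lower-case, compared against the path as HJT prints it.
EXPECTED_DIRS = {
    "mdm.exe": {r"c:\program files\common files\microsoft shared\vs7debug"},
    "iexplore.exe": {r"c:\program files\internet explorer"},
    "smss.exe": {r"c:\windows\system32"},
    "rundll32.exe": {r"c:\windows\system32"},
}

# Path fragments that mark scratch space. Nothing persistent should run from
# here; this also catches HJT itself when launched out of a WinRAR temp folder.
SCRATCH_MARKERS = ("\\temp\\", "\\tmp\\", "\\temporary internet files\\")


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in an HJT log."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():      # section ends at the first blank line
                break
            paths.append(line.strip())
    return paths


def audit_processes(log_text):
    """Return {path: [reasons]} for every process that deserves a closer look."""
    paths = running_processes(log_text)
    by_name = {}
    for p in paths:
        by_name.setdefault(ntpath.basename(p).lower(), []).append(p)

    findings = {}
    for p in paths:
        name = ntpath.basename(p).lower()
        directory = ntpath.dirname(p).lower()
        reasons = []
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            reasons.append("known binary name running from an unexpected directory")
        if any(marker in p.lower() for marker in SCRATCH_MARKERS):
            reasons.append("runs from a temp/scratch directory")
        dirs = {ntpath.dirname(q).lower() for q in by_name[name]}
        if len(dirs) > 1:
            reasons.append("same file name running from %d different directories" % len(dirs))
        if reasons:
            findings[p] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in audit_processes(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the Temp copy of mdm.exe is flagged on all three counts, the VS7Debug copy only as the other half of a duplicated name, and HijackThis.exe only for running out of Temp, which is the reason pskelley asks for it to be moved to C:\HJT before it is used to fix anything.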

hwangche
2007-01-07, 20:54
I have followed your steps. After I used the ATF cleaner, I could still see the mdm.exe file in the Temp folder. So I tried to reboot my computer in safe mode and was ready to delete it. But a strange thing happened: the mdm.exe file disappeared after the reboot. I tried to reboot the computer in normal mode again and the file had still vanished. So, I followed the remaining steps and scanned my computer with AVG Anti-Spyware and HijackThis. My computer seems to be working fine now, but I'm not sure if the mdm.exe file is deleted or still hiding somewhere. The following are the log files from the AVG and HijackThis programs. Once again, many thanks for your help!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:44:31 8/1/2007

+ Scan result:



C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1448\A0123528.exe -> Adware.BargainBuddy : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1457\A0124018.dll -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124066.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124067.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124068.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124069.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124070.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124071.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124072.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124073.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124074.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124075.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124076.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124077.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124078.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124079.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124080.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124081.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124082.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124083.exe -> Adware.NewDotNet : Cleaned.
C:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124084.dll -> Adware.Yahoo : Cleaned.
C:\Documents and Settings\CM Hwang\Local Settings\Temp\zedesh.dat -> Backdoor.IRCBot.oj : Cleaned.
E:\System Volume Information\_restore{574E323E-C519-4377-8F4C-5D7899A20C32}\RP1458\A0124085.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\Documents and Settings\CM Hwang\Cookies\cm hwang@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.30:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\CM Hwang\Cookies\cm hwang@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.32:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.33:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.38:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.19:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
E:\My Pictures\bro\聯賽杯HTX對MCU.rar/FlOF27B.exe -> Worm.Drefir.a : Cleaned.
E:\My Pictures\bro\聯賽杯HTX對MCU.rar/TuJDE6U.exe -> Worm.Drefir.a : Cleaned.
E:\My Pictures\bro\聯賽杯HTX對MCU.rar/e05qr4C.exe -> Worm.Drefir.a : Cleaned.
E:\emule\西村由紀江_Yukie_Nishimura_14_Albums.rar/B3xfMVE.exe -> Worm.Drefir.a : Cleaned.
E:\emule\西村由紀江_Yukie_Nishimura_14_Albums.rar/nk7815q.exe -> Worm.Drefir.a : Cleaned.
E:\math\math notes\topology from differentiable viewpoint\book.rar/gL51YXe.exe -> Worm.Drefir.a : Cleaned.


::Report end

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:46:14, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSNToolBandBHO - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\msntb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: 3721中文郵 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

pskelley
2007-01-07, 22:28
Thanks for returning your information and the feedback. Your antivirus program probably killed that trojan for you; it appears to be gone. We do have additional issues.

Appears this is a trojan pretending to be a valid item:
O2 - BHO: MSNToolBandBHO - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\msntb.dll
http://www.castlecops.com/CLSID.html
MSNToolBandBHO {49E0E0F0-5C30-11D4-945D-000000000000} X BHO msntb.dll Troj/WavenDl-B trojan
http://www.sophos.com/security/analyses/trojwavendlb.html
This section contains the description and advanced technical information
Troj/WavenDl-B is a Trojan for the Windows platform.
Troj/WavenDl-B attempts to download further executable code. At the time of writing the downloaded file is W32/Waven-A.
The Troj/WavenDl-B is registered as a COM object, creating registry entries under:
HKCR\CLSID\(49E0E0F0-5C30-11D4-945D-000000000000)
HKCR\<Trojan filename>.MSNToolBandBHO\

According to the translated information, this O9 item is no longer valid; if you know that to be true, please remove it with HJT.
O9 - Extra button: 3721中文郵 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://cmail.3721.com/&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3Dhttp://cmail.3721.com%253Ffb%253Dclient%2B%26hl%3Den%26lr%3D%26sa%3DG

Please follow these instructions:

1) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

2) Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: MSNToolBandBHO - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\msntb.dll
O9 - Extra button: 3721中文郵 - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

5) Please scan again with AVG Anti-Spyware and post the scan results.

Update your Antivirus program and run a complete system scan. Post for me any malware located that can't be removed, complete name and pathway.

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Post the AVG Anti-Spyware scan results, the results of the AVG virus scan and a new HJT log. Please tell me how the computer is running now.

Thanks...Phil

hwangche
2007-01-10, 05:45
I have followed your steps. The following are the reports. My computer is running fine now, thanks a lot!!

AVG virus scan:
General properties
Report name Complete Test
Start time 10/1/2007 8:00
End time 10/1/2007 9:08:35 (total: 1:08:30.4 hrs)
Launch method Scanning launched by scheduler
Scanning result No threats found
Report status Scanning completed successfully

Object summary
Scanned 175185
Threats Found 0
Cleaned 0
Moved to vault 0
Deleted 0
Errors 0
C:\WINDOWS\system32\drivers\etc\hosts Change Changed

--------------------------------------------------------------------------
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:33:16 10/1/2007

+ Scan result:



:mozilla.63:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.76:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.54:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.28:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.74:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.25:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.48:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.50:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.51:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.52:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.39:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.40:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.43:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.77:C:\Documents and Settings\CM Hwang\Application Data\Mozilla\Firefox\Profiles\t7qgshk0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:41:38, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

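An added example, not part of the thread and not HijackThis code: a small Python parser for entries in the HJT log format shown above. It splits each line into its section code (O2, O4, O18, ...), CLSID and file path, and flags the kinds of entries a helper triages first: HijackThis's own "(file missing)" marker, autostarts that launch from a Temp folder, and O4 entries without an absolute path. The sample input reuses lines from the log above; the Temp-folder entry (`[example]` / `example.exe`) is constructed as a placeholder and does not come from this machine.

```python
"""Parse HijackThis-style log entries and flag the ones worth a closer look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the HijackThis entry format. All lines except the
# "[example]" Temp-folder autostart are copied from the log in the thread;
# that one is a made-up placeholder used to exercise the temp-path check.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [example] C:\DOCUME~1\USER~1\LOCALS~1\Temp\example.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# "O<n> - <detail>" is the shape of every HJT entry line.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Quoted paths may contain spaces; bare paths are cut at a known extension.
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx|sys|cab)\b", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # e.g. "O4"
    detail: str                  # everything after "O4 - "
    clsid: Optional[str] = None  # first {GUID} in the line, if any
    path: Optional[str] = None   # first Windows file path in the line, if any
    flags: List[str] = field(default_factory=list)


def _extract_path(detail: str) -> Optional[str]:
    """Prefer a quoted path (may contain spaces), else a bare drive-letter path."""
    m = QUOTED_PATH_RE.search(detail)
    if m:
        return m.group(1)
    m = BARE_PATH_RE.search(detail)
    return m.group(0) if m else None


def triage_flags(entry: Entry) -> List[str]:
    """Cues for a human to look closer; none of these is a verdict by itself."""
    flags = []
    if "(file missing)" in entry.detail:
        # HJT's own marker: the registry still points at a file that is gone.
        flags.append("file-missing")
    if entry.path and TEMP_DIR_RE.search(entry.path):
        # Legitimate autostarts rarely live in a Temp folder.
        flags.append("temp-path")
    if entry.section == "O4" and entry.path is None:
        # Bare image name: Windows resolves it via the search path, so the
        # actual file should be located and checked before judging the entry.
        flags.append("no-absolute-path")
    return flags


def parse_hjt(text: str) -> List[Entry]:
    """Turn raw HJT log text into Entry records, one per 'O<n> - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, process lists and blank lines are skipped
        section, detail = m.groups()
        c = CLSID_RE.search(detail)
        entry = Entry(section, detail, c.group(0) if c else None, _extract_path(detail))
        entry.flags = triage_flags(entry)
        entries.append(entry)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one triage flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section} {','.join(e.flags):>18}  {e.path or e.detail}")
```

Run it as a script and it lists only the flagged entries; the remaining lines (signed vendor services, BHOs with a present DLL) drop out, which is the same narrowing a helper does by eye when reading a log like the one above.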
pskelley
2007-01-10, 14:12
Good to hear :bigthumb: Your HJT log looks clean of malware also, so let's finish up like this.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

hwangche
2007-01-12, 04:50
My computer runs smoothly now, thanks for all the information. Anyhow, I have another question which has been bugging me for a long time. I don't know since when my ICQ doesn't work anymore. I mean I can still open the program. However, every time it runs for about 10 mins, it gets frozen and I have to close it. I am using ICQ 5.1. Any idea? Thanks.

pskelley
2007-01-12, 11:48
I have not used ICQ in many years, preferring Windows Live Messenger. I know nothing about the program, but my first suggestion would be to completely uninstall the program and reinstall it. You might also try System File Checker in case a Windows file is corrupt or missing and causing the problem. http://www.updatexp.com/scannow-sfc.html

You may find something to help here: http://www.icq.com/help/ or
http://www.suite101.com/article.cfm/pc_support_retired/4290

Thanks

pskelley
2007-01-17, 15:21
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.