
iexplore.exe won't die...



Fistuk
2007-03-14, 05:02
I've got this process named iexplore.exe which runs all the time, even if I don't have IE open... I tried killing it but it keeps coming back with a new PID... one time, after I killed it a few times, it started changing PIDs rapidly..
I had the msnetax.dll thing as well, though I think I took care of it. Not sure if the two are related...
Anyway, here are the logs... I used ComboScan, which uses HijackThis and a few more scans... Thanks for the help!


ComboScan v20070306.20 run by יובל on 2007-03-14 at 06:01:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as יובל.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 06:01:17, on 14/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PLServ.exe
C:\WINDOWS\system32\msnmsg.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programs\acrobat\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\comboscan.exe
C:\PROGRA~1\HIJACK~1\921C~1.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programs\acrobat\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) - http://chat-basic.nana.co.il/Cabs/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: vb5dmspo.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Privilege Win32 Server - Aladdin Knowledge Systems - C:\WINDOWS\system32\PLServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


-- Files created between 2007-02-14 and 2007-03-14 -----------------------------

2007-03-14 05:49:55 106 --a----c- C:\delete.bat
2007-03-14 05:49:30 40448 --a----c- C:\NoLop.exe
2007-03-14 05:39:43 18480 --a----c- C:\TLIST.EXE
2007-03-14 05:39:43 21584 --a----c- C:\KILL.EXE
2007-03-14 05:34:18 20480 --a------ C:\WINDOWS\system32\msnetax.dll
2007-03-14 04:56:00 2914 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-14 04:55:50 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-14 04:55:50 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-14 04:55:50 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-14 04:55:50 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-14 04:55:50 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-14 04:55:50 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-14 04:55:19 0 d------c- C:\SmitfraudFix<SMITFR~1>
2007-03-14 04:54:54 456344 --a----c- C:\comboscan.exe<COMBOS~1.EXE>
2007-03-13 23:45:45 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-09 12:20:31 0 d-------- C:\Documents and Settings\יובל\Application Data\Lavasoft
2007-03-01 21:41:47 18944 --a------ C:\WINDOWS\mshost.exe
2007-03-01 18:36:20 40448 --a------ C:\WINDOWS\system32\mswsockhh.dll<MSWSOC~1.DLL>
2007-03-01 18:20:34 8704 --a------ C:\WINDOWS\winvip.exe
2007-02-27 15:58:55 0 d-------- C:\Documents and Settings\תומר\www.google.com<WWWGOO~1.COM>
2007-02-27 01:22:32 233472 --a------ C:\WINDOWS\system32\wpcap.dll
2007-02-27 01:22:32 61440 --a------ C:\WINDOWS\system32\WanPacket.dll<WANPAC~1.DLL>
2007-02-27 01:22:32 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll<PTHREA~1.DLL>
2007-02-27 01:22:32 81920 --a------ C:\WINDOWS\system32\Packet.dll
2007-02-27 01:22:32 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-02-25 22:13:45 18022 --a------ C:\WINDOWS\system32\update9.exe
2007-02-25 11:32:51 28160 --a------ C:\WINDOWS\system32\wsys.dll
2007-02-24 14:03:17 60810 --a------ C:\WINDOWS\system32\vcodec.exe
2007-02-24 12:12:47 0 d-------- C:\WINDOWS\t
2007-02-24 11:24:45 30720 --a------ C:\WINDOWS\system32\update6.exe
2007-02-24 11:12:04 30720 --a------ C:\WINDOWS\system32\update1.exe
2007-02-24 11:01:32 18022 --a------ C:\WINDOWS\system32\update5.exe
2007-02-24 10:56:15 33920 --a------ C:\WINDOWS\system32\main.sys
2007-02-24 10:56:13 4864 --a------ C:\WINDOWS\system32\runtime.sys
2007-02-24 10:56:08 18022 --a------ C:\WINDOWS\system32\update8.exe
2007-02-24 10:56:08 0 d------c- C:\Documents and Settings\LocalService\Application Data\Avant Browser<AVANTB~1>
2007-02-24 10:56:06 18022 --a------ C:\WINDOWS\system32\update7.exe
2007-02-24 10:56:01 30208 -----n--- C:\WINDOWS\system32\rpcc.dll
2007-02-24 10:56:00 22528 --a------ C:\WINDOWS\system32\zAskop.dll
2007-02-24 10:56:00 10000 --a------ C:\WINDOWS\system32\uoe3fr.dll
2007-02-24 10:55:57 18022 --a------ C:\WINDOWS\system32\update3.exe
2007-02-24 10:55:54 102916 --a------ C:\WINDOWS\system32\update2.exe
2007-02-24 10:55:51 27648 --a------ C:\WINDOWS\system32\update0.exe
2007-02-23 16:47:04 484 --a------ C:\WINDOWS\eReg.dat
2007-02-20 20:13:44 0 d-------- C:\Documents and Settings\תומר\Application Data\Skype


-- Find3M Report ---------------------------------------------------------------

2007-03-14 04:45:36 303388 --a------ C:\WINDOWS\system32\perfh00d.dat
2007-03-14 04:45:35 52884 --a------ C:\WINDOWS\system32\perfc00d.dat
2007-03-09 12:21:31 0 d-------- C:\Documents and Settings\יובל\Application Data\Avant Browser<AVANTB~1>
2007-03-01 16:15:34 59904 --a------ C:\WINDOWS\system32\mswsock.dll
2007-02-24 17:18:03 0 d-------- C:\Program Files\EA SPORTS<EASPOR~1>
2007-02-24 10:55:48 0 d-------- C:\Program Files\Avant Browser<AVANTB~1>
2007-02-23 16:43:46 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-07 14:14:12 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-02 17:33:20 0 d-------- C:\Program Files\Ligature54<LIGATU~1>
2007-02-02 13:12:44 0 d-------- C:\Program Files\Ligature
2007-02-02 10:33:58 0 d-------- C:\Program Files\eMule
2007-02-02 09:37:01 6656 --a------ C:\WINDOWS\system32\haspvdd.dll
2007-02-02 09:37:01 383 --a------ C:\WINDOWS\system32\haspdos.sys
2007-02-02 09:14:31 0 d-------- C:\Program Files\BitTornado<BITTOR~1>
2007-01-27 17:38:00 0 d-------- C:\Program Files\www.mivzakon.co.il<WWWMIV~1.IL>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-18 19:55:13 0 d-------- C:\Program Files\ICQLite
2006-12-19 11:09:17 114688 --a------ C:\WINDOWS\system32\slbipsch.dll
2006-12-16 18:32:16 20480 --a------ C:\WINDOWS\system32\e1.dll
2006-12-16 18:32:11 28672 --a------ C:\WINDOWS\system32\vb5dmspo.dll
2006-12-16 18:32:11 20480 --a------ C:\WINDOWS\system32\rdpwmsjt.exe
2006-12-16 18:32:11 24576 --a------ C:\WINDOWS\system32\mcd3mscm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft MSN 7 Services"="msnmsg.exe"
"ICQ Lite"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft MSN 7 Services"="msnmsg.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\תפריט התחלה\\תוכניות\\הפעלה\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\תפריט התחלה\\תוכניות\\הפעלה\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\תפריט התחלה\\תוכניות\\הפעלה\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Push Client.LNK]
"path"="C:\\Documents and Settings\\All Users\\תפריט התחלה\\תוכניות\\הפעלה\\Push Client.LNK"
"backup"="C:\\WINDOWS\\pss\\Push Client.LNKCommon Startup"
"location"="Common Startup"
"command"="C:\\INTERW~1\\Student\\pull.exe "
"item"="Push Client"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WPCEmail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchost"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\t\\svchost.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WWW]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="free"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\t\\free.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetLimiter"
"hkey"="HKLM"
"command"="d:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

Continuation of the log in the next post...

Fistuk
2007-03-14, 05:03
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="services"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\ServicePackFiles\\services.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smtray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vsnpstd2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\vsnpstd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp_system]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="services"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\ServicePackFiles\\services.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft IE Updater"=dword:00000002
"iPod Service"=dword:00000003
"ServiceLayer"=dword:00000003
"usnjsvc"=dword:00000003
"WZCSVC"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="vb5dmspo.dll "


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Firewall auto setup"="C:\\WINDOWS\\TEMP\\winlogon.exe"
"Ujisdfns89fu98ndf"="C:\\WINDOWS\\TEMP\\svchast.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Firewall auto setup"="C:\\WINDOWS\\TEMP\\winlogon.exe"
"Ujisdfns89fu98ndf"="C:\\WINDOWS\\TEMP\\svchast.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-03-14 at 06:01:42 ------------------------
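
Added example, not part of the thread and not a feature of HijackThis or ComboScan: a small Python script that applies, mechanically, the checks an analyst makes by eye on a log like the one above. It parses the HijackThis O4/O20 lines and the `"name"="value"` lines of the registry dump, and flags the persistence patterns visible in this log: a core Windows binary name (winlogon.exe, svchost.exe, services.exe) living outside System32, a near-miss spelling of a real binary (svchast.exe, msnmsg.exe), an executable under TEMP, a bare filename resolved through the search path, a RunServices entry, and the global hooks AppInit_DLLs and Winlogon Notify. The sample input is constructed from lines copied out of the posted log (suspicious and benign ones); the lists of system binaries and the rule thresholds are my assumptions, and the rules are heuristics, so a hit is a reason to look, not a verdict.

```python
"""Triage startup entries from a HijackThis / ComboScan log (added example)."""
import re

# Core binaries that live only in %SystemRoot%\System32 on Windows XP, plus
# other well-known names that droppers imitate with a one-letter change.
# (Assumed lists for this example; extend them for your own environment.)
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
IMITATED_NAMES = SYSTEM_BINARIES | {"explorer.exe", "ctfmon.exe", "msnmsgr.exe"}
SYSTEM32 = r"c:\windows\system32"

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
REG_RE = re.compile(r'^"([^"]+)"="(.*)"$')      # "name"="value" line of a registry dump
CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(.*?\.(?:exe|dll|sys)))', re.IGNORECASE)

# Constructed sample: lines copied from the log posted above, suspicious and benign.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: vb5dmspo.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
"Firewall auto setup"="C:\\WINDOWS\\TEMP\\winlogon.exe"
"Ujisdfns89fu98ndf"="C:\\WINDOWS\\TEMP\\svchast.exe"
"command"="C:\\WINDOWS\\t\\svchost.exe "
"command"="C:\\WINDOWS\\ServicePackFiles\\services.exe"
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"""

def edit_distance(a, b):
    """Levenshtein distance; inputs are short filenames, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def program_of(command):
    """Path that actually runs: the quoted token or the first .exe/.dll/.sys;
    for rundll32 it is the DLL argument, not rundll32 itself."""
    m = CMD_RE.match(command)
    if not m:
        return None
    prog = m.group(1) or m.group(2)
    if prog.lower().rpartition("\\")[2] == "rundll32.exe":
        dm = re.match(r'\s*"?(.*?\.dll)', command[m.end():], re.IGNORECASE)
        return dm.group(1) if dm else prog
    return prog

def check_path(path):
    """Reasons one executable path looks wrong (empty list means no finding)."""
    low = path.strip().lower()
    directory, _, name = low.rpartition("\\")
    reasons = []
    if "\\temp\\" in low:
        reasons.append("executable under TEMP")
    if name in SYSTEM_BINARIES and directory != SYSTEM32:
        reasons.append(f"{name} outside System32 (in {directory or 'search path'})")
    elif not directory:
        reasons.append("bare filename, resolved via the search path")
    if name not in IMITATED_NAMES:
        near = sorted(n for n in IMITATED_NAMES if edit_distance(name, n) == 1)
        if near:
            reasons.append(f"lookalike of {near[0]}")
    return reasons

def triage(log_text):
    """Return [(line, reasons)] for every entry that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        line, reasons = line.strip(), []
        m = O4_RE.match(line)
        if m:
            key, cmd = m.group(2), m.group(4)
            if key.lower() == "runservices":
                reasons.append("RunServices: Windows 9x-era key that current software has no reason to write")
            prog = program_of(cmd)
            if prog:
                reasons += check_path(prog)
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs injects into every process that loads user32.dll")
        elif line.startswith("O20 - Winlogon Notify:"):
            dll = line.split(" - ", 2)[2]
            if dll.lower().rpartition("\\")[0] != SYSTEM32:
                reasons.append("Winlogon Notify DLL outside System32 (runs inside winlogon.exe as SYSTEM)")
            reasons += check_path(dll)
        elif REG_RE.match(line):
            value = REG_RE.match(line).group(2).replace("\\\\", "\\").replace('\\"', '"')
            prog = program_of(value)
            if prog:
                reasons += check_path(prog)
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run as a script it prints the eight flagged lines from the sample and leaves the NVIDIA, ICQ and ctfmon entries alone; to use it on the full log, paste the HijackThis section and the registry dump into SAMPLE_LOG or read them from a file. The script does not unquote Global Startup (.lnk) entries or O23 services, and a bare filename in a Run value is only a weak signal on its own (some vendors write `nwiz.exe /install` that way); the point is that the combination of signals on one line, as with msnmsg.exe here, is what makes an entry worth pulling apart.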

pskelley
2007-03-16, 14:31
Welcome to the forum. If you still need help: I am sorry to be the bearer of bad news, but you have some nasty infections.
C:\WINDOWS\system32\msnmsg.exe <<< While I am not 100% positive what the worm is, I suspect it is this one:
http://www.sophos.com/security/analyses/w32rbotgo.html It's a backdoor trojan, that's for sure:
http://www.google.com/search?hl=en&q=msnmsg.exe&btnG=Google+Search
You also have this junk: O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan-Proxy.Win32.Xorpix.Fam&threatid=44436
and this: vb5dmspo.dll
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_STRAT.HZ&VSect=Sn

Because your security is badly compromised, I need to provide you with this information:
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

Please let us know what you have decided to do in your next post.

Thanks

tashi
2007-03-27, 07:18
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.