Task Manager will not work, rundll32.exe (was) missing, had malware popup warning

[alveress85]

Hello,

I have been battling against the virus(s) for the last two days. I have tried several methods of removing them (and I believe I have removed some). However, I have some issues still to sort out and I believe the only way to solve my problems is by working with the talent on this forum. The major problems I am having is: Task Manager wont work, I had a pop up (in the running tasks bar near the clock) Warning spyware detected window (but I got rid of that. I then had rundll32.exe missing from my computer (but I fixed that) Also, when I try and uninstall things, or run programs, they cut out back to the desk top, but only for certain things. And lastly I cannot uninstall Spyware doctor (which is out of subscription). (I believe this is due to the programs cutting out problem.

Things I have already done.

1. Downloaded/Updated Spybot S&D (However, this was difficult because of the cutting back to the desk top, so I had to install it in safe mode)
2. Ran online scanner: Had issues with it. (It would close, and I didn't know how to delete the virus's or generate a report)
3. Here is the HJT:

Logfile of HijackThis v1.99.1
Scan saved at 4:13:11 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\1139083325\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\avp.exe
C:\Documents and Settings\All Users\Application Data\szarkrmf.exe
C:\WINDOWS\smgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {415F3903-E8BB-4E01-A76E-608CA513C595} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [iHatePopups.exe] "C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139083325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [szarkrmf.exe] C:\Documents and Settings\All Users\Application Data\szarkrmf.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Ryan\NewVersion\setup-8876480.exe -ReportOnly
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: dllhost.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\allowsite.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\denysite.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe (HKCU)
O9 - Extra 'Tools' menuitem: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Client IP-IPX - Unknown owner - -e,mc-110-12-0000140, (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Any help would be much appreciated. Thanks!

I have also ordered Bitdefender from amazon.com, to use since my norton antivirus and spyware doctor are not in subscription any longer.

[Shaba]

Hi alveress85

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report

[alveress85]

Hello Shaba! Thank you for replying.

When I double click on the ComboFix.exe. It gives me the following error message: cmd.exe is the title "Another program is currently using this file"

This happens with a lot of programs. However, if I were to go into safe mode, then I would be able to run the program. I will go ahead and do that now, then post the report:

Okay when I tried to go into safe mode to run ComboFix.exe. It gave me the following error: Terminal Error - Missing file "C:\WINDOWS\regedit.exe is missing"

Also, when I go to shut down/restart my computer I get this program that is still running and asks me to end program or hit cancel. smgr.exe

Here is a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:56:15 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\1139083325\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\avp.exe
C:\Documents and Settings\All Users\Application Data\szarkrmf.exe
C:\WINDOWS\smgr.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {415F3903-E8BB-4E01-A76E-608CA513C595} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [iHatePopups.exe] "C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139083325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [szarkrmf.exe] C:\Documents and Settings\All Users\Application Data\szarkrmf.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Ryan\NewVersion\setup-8876480.exe -ReportOnly
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\allowsite.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\denysite.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe (HKCU)
O9 - Extra 'Tools' menuitem: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Client IP-IPX - Unknown owner - -e,mc-110-12-0000140, (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


I await your responce

[Shaba]

Hi

Download regedit.exe from here and place to c:\windows

After that, please re-run combofix.

[alveress85]

Hello Shaba,

I am currently at work. I will be able to run the program and have results for you in about 6 hours. See you then!

[Shaba]

Hi

Ok

Attempt to run combofix again in safe mode if no success in normal mode.

[alveress85]

Hi Shaba,

Another problem :(

Now when I try to go into safe mode (by pressing F8 on startup) It does nothing, but continue to start up into normal mode. What should I do now?

[alveress85]

Also, when I tired to place regedit.exe into the C://WINDOWS folder. It said cannot replace / move / copy because the file already exsists. When I look into C://WINDOWS the file is there. When I try to delete it tells me some other program is using it and it cannot be deleted. Also, this might sound weird, but there is Internet Explorer browsing sounds going on in the back ground of my computer, making me think some program or someone is monitering my computer and using invisible Internet explores to do it (I could be wrong about this; however)

I will await your instruction

[Shaba]

Hi

Ok, then we'll delete most of baddies manually first.

Open HijackThis, click do a system scan only and checkmark these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {415F3903-E8BB-4E01-A76E-608CA513C595} - C:\WINDOWS\system32\vturp.dll (file missing)
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [szarkrmf.exe] C:\Documents and Settings\All Users\Application Data\szarkrmf.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: dllhost.exe
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
O23 - Service: Client IP-IPX - Unknown owner - -e,mc-110-12-0000140, (file missing)

Close all windows including browser and press fix checked.

Please download the Killbox.
Save it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\avp.exe
C:\Documents and Settings\All Users\Application Data\szarkrmf.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\SYSTEM32\winzlo32.dll
C:\WINDOWS\smgr.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Are you now able to run combofix?

[alveress85]

Hello Shaba!

Okay, these are things I did.

First: I used HJT and manually deleted the files.
Second: I used Killbot and did as you told me to do.
Third: I was now able to replace regedit.exe in windows so I do so
Fourth: I ran combo fis, here is the log:

ComboFix 07-06-18.2 - C:\Documents and Settings\Ryan\Desktop\ComboFix.exe
"Ryan" - 2007-06-22 17:04:39 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Ryan\APPLIC~1.\dobe~1
C:\DOCUME~1\Ryan\APPLIC~1.\mantec~1
C:\DOCUME~1\Ryan\APPLIC~1.\sks~1
C:\DOCUME~1\Ryan\APPLIC~1.\wnsxs~1
C:\DOCUME~1\Ryan\MYDOCU~1.\icroso~1.net
C:\DOCUME~1\Ryan\MYDOCU~1.\mbols~1
C:\DOCUME~1\Ryan\MYDOCU~1.\pppatc~1
C:\DOCUME~1\Ryan\MYDOCU~1.\sks~1
C:\Program Files\Common Files\{3859F~1
C:\Program Files\Common Files\{3859F~1\Bar888.dll
C:\Program Files\Common Files\{3859F~1\UnInstall.exe
C:\Program Files\Common Files\{6859F~1
C:\Program Files\Common Files\{6859F~1\system.dll
C:\Program Files\Common Files\{6859F~1\Update.exe
C:\Program Files\Common Files\pppatc~1
C:\Program Files\install.log
C:\Program Files\oin search
C:\Program Files\ppatch~1
C:\setup.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\ecurit~1
C:\WINDOWS\fnts~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\smbols~1
C:\WINDOWS\sstem~1
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~2
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\winsys64.exe
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_SFSYNC02
-------\Client IP-IPX
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-22 17:06 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-22 16:58 <DIR> d-------- C:\!KillBox
2007-06-20 15:50 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 15:35 <DIR> d-------- C:\Hijackthis
2007-06-18 21:49 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-06-18 21:03 21,035 --a------ C:\WINDOWS\system32\sysmon32.exe
2007-06-18 15:50 <DIR> d-------- C:\VundoFix Backups
2007-06-17 15:07 93,696 --a------ C:\WINDOWS\system32\drvpod.dll
2007-06-16 11:40 <DIR> d-------- C:\Program Files\Netflix


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 21:07:13 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000002-80651102}.dat
2007-06-22 21:07:13 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000005-00001102-00000002-80651102}.dat
2007-06-22 20:32:04 417,792 ----a-w C:\Program Files\Video.exe
2007-06-22 20:32:04 417,792 ----a-w C:\Program Files\Track_03.exe
2007-06-18 19:45:41 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\U3
2007-06-17 20:41:40 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-17 20:35:30 -------- d-----w C:\Program Files\Symantec
2007-06-17 20:35:09 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-10 14:26:08 -------- d-----w C:\Program Files\Viewpoint
2007-06-07 18:02:18 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\BitTorrent
2007-05-20 16:30:30 -------- d--h--w C:\DOCUME~1\Ryan\APPLIC~1\Move Networks
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 19:25:13 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\HP
2007-05-06 14:33:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-26 17:55:07 -------- d-----w C:\Program Files\SlySoft
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-24 23:56:43 -------- d-----w C:\Program Files\Alcohol Soft
2007-04-24 23:47:41 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 23:13:33 -------- d-----w C:\DOCUME~1\Ryan\APPLIC~1\DNA
2007-04-23 13:22:02 -------- d-----w C:\Program Files\BitTorrent
2007-04-23 13:18:21 -------- d-----w C:\Program Files\BitTorrent_DNA
2007-04-23 13:18:07 78,360 ----a-w C:\Program Files\uy.exe
2007-04-23 12:56:49 -------- d-----w C:\Program Files\EA GAMES
2007-04-19 19:47:51 737,280 ---ha-w C:\WINDOWS\iun6002.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-01 18:59:22 774,144 ----a-w C:\Program Files\RngInterstitial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-08-01 16:27]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}=D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2006-08-01 16:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 02:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00]
"iHatePopups.exe"="C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe" [2003-06-21 16:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HostManager"="C:\Program Files\Common Files\AOL\1139083325\ee\AOLSoftware.exe" [2006-05-09 20:24]
"nwiz"="nwiz.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"PopUpInspector"="C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe" [2003-06-21 16:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Desktop Messenger"="C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Ryan\NewVersion\setup-8876480.exe" []
"Spyware Doctor"="D:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-11 16:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"qmqq"=C:\PROGRA~1\COMMON~1\qmqq\qmqqm.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Spyware Doctor"="D:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="D:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32]
winzlo32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Common Files\CMEII\CMESys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953299b9-8056-11d8-ac49-00045a7e74a0}]
AutoRun\command- G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d0c49b-f2c8-11db-b24e-00508d4dceb2}]
AutoRun\command- G:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-06-22 21:08:49 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 17:08:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????92???A~??A~????????\???\???????????U?A~??A~\???\?????????a??????C@?\???\??????s????\??????s\????92?A??s?92??C@?x???`|?w\?????@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Logitech Desktop Messenger = C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Ryan\NewVersion\setup-8876480.exe -ReportOnly????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 17:10:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-22 17:09

--- E O F ---

Fifth: I ran a new HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 17:14, on 2007-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\1139083325\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [iHatePopups.exe] "C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139083325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Ryan\NewVersion\setup-8876480.exe -ReportOnly
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\allowsite.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\Sunbelt Software\iHatePopups\denysite.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe (HKCU)
O9 - Extra 'Tools' menuitem: iHatePopups - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Program Files\Sunbelt Software\iHatePopups\iHatePopups.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames...e.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\System32\r_server.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



And Now I await your reply!
and also, everything is running much better now. Not sure if everything is fixed yet or not I will let you decide that. But there are no brouser sounds, and the smgr.exe thing seems to be gone! So thanks for the help so far!