IMAPI.exe how do i get rid of it
Apr 11 2008, 04:15 PM
Post #1
New Member, Posts: 6, OS: windows xp
Well, I'm having a bit of a problem with removing this, a real pest. Weird though, I got it from Windows Update. I know, weird but true.
Anyway, here's a log:

```
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svehost.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\tom\Desktop\KillBox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tom\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMem] D:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207854853165
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
```

Any ideas now? I've done a KillBox with the processes from the previous post of this problem and nothing was found. Something did happen though: when Windows got to the Windows logon it rebooted, I know lol. I'm also getting the Explorer crash.

Update: I've fixed it with ComboFix. First I ran HijackThis, then I ran KillBox, found the program name, deleted the entry xD, then I used ComboFix. Here's a log in case you can spot anything else:

```
ComboFix 08-04-11.5 - tom 2008-04-11 23:39:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 1:00]
Running from: C:\Documents and Settings\tom\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\_000018_.tmp.dll
C:\WINDOWS\system32\_000030_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\geBstqRL.dll
C:\WINDOWS\system32\ljJBqpME.dll
C:\WINDOWS\system32\LRqtsBeg.ini
C:\WINDOWS\system32\LRqtsBeg.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\NPF

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 23:29 . 2008-04-11 23:34 <DIR> d-------- C:\SDFix
2008-04-11 23:28 . 2008-04-11 23:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 23:28 . 2008-04-11 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-11 22:36 . 2008-04-11 22:36 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-11 22:36 . 2008-04-11 22:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-11 22:36 . 2008-04-11 22:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-11 22:31 . 2008-04-11 22:28 1,066,176 --a------ C:\WINDOWS\MSCOMCTL.OCX
2008-04-11 22:30 . 2008-04-11 22:28 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-04-11 22:30 . 2008-04-11 22:28 1,066,176 --a------ C:\MSCOMCTL.OCX
2008-04-11 22:29 . 2008-04-11 22:29 <DIR> d-------- C:\Program Files\MSBuild
2008-04-11 22:25 . 2008-04-11 22:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-11 22:24 . 2008-04-11 22:24 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-11 22:23 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-04-11 22:14 . 2008-04-11 22:14 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-11 22:00 . 2008-04-11 22:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 21:36 . 2008-04-11 21:36 <DIR> d-------- C:\Program Files\uTorrent
2008-04-11 21:36 . 2008-04-11 22:34 <DIR> d-------- C:\Documents and Settings\tom\Application Data\uTorrent
2008-04-11 09:35 . 2008-04-11 09:35 <DIR> d-------- C:\Documents and Settings\tom\Application Data\NPLUTO Corporation
2008-04-11 09:35 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-11 09:35 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-11 00:11 . 2008-04-11 00:11 <DIR> d-------- C:\Program Files\Realtek
2008-04-11 00:11 . 2008-04-11 00:11 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-11 00:10 . 2005-04-16 22:20 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2008-04-10 23:24 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-10 23:24 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-10 23:24 . 2006-08-21 13:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-10 23:20 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-10 23:12 . 2008-04-10 23:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-10 22:42 . 2008-04-10 23:11 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-10 22:40 . 2008-04-10 22:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-10 22:37 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002576_.tmp
2008-04-10 22:34 . 2008-04-10 22:34 <DIR> d-------- C:\WINDOWS\EHome
2008-04-10 22:20 . 2004-08-04 00:56 378,368 --a------ C:\WINDOWS\system32\wzcdlg.dll
2008-04-10 22:20 . 2004-08-04 00:56 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2008-04-10 22:18 . 2008-04-10 22:41 <DIR> d-------- C:\WINDOWS\PeerNet
2008-04-10 22:10 . 2008-04-10 22:10 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-10 21:58 . 2004-08-04 00:56 597,504 --a------ C:\WINDOWS\system32\crypt32.dll
2008-04-10 21:58 . 2004-08-04 00:56 248,832 --a------ C:\WINDOWS\system32\newdev.dll
2008-04-10 21:58 . 2004-08-04 00:56 60,416 --a------ C:\WINDOWS\system32\cryptsvc.dll
2008-04-10 21:57 . 2004-08-04 00:56 33,792 --a------ C:\WINDOWS\system32\msgsvc.dll
2008-04-10 21:56 . 2008-04-10 21:56 <DIR> d-------- C:\ijji
2008-04-10 21:56 . 2008-04-10 23:13 <DIR> d--h----- C:\Documents and Settings\tom\Application Data\ijjigame
2008-04-10 21:54 . 2008-04-10 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-10 21:51 . 2008-04-10 21:51 0 --a------ C:\WINDOWS\msicpl.ini
2008-04-10 21:47 . 2008-04-10 21:47 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 21:38 . 2008-04-10 21:40 <DIR> d-------- C:\Program Files\MSI
2008-04-10 21:38 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-04-10 21:38 . 2008-02-01 17:07 18,487 --a------ C:\WINDOWS\system32\Ntaccess.sys
2008-04-10 21:38 . 2004-07-23 16:09 13,368 --a------ C:\WINDOWS\system32\FlashVxd.vxd
2008-04-10 21:38 . 2008-01-31 17:18 9,216 --a------ C:\WINDOWS\system32\drivers\FlashSys.sys
2008-04-10 21:35 . 2008-04-10 21:35 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-04-10 21:35 . 2008-04-10 21:48 <DIR> d-------- C:\WINDOWS\NV164400.TMP
2008-04-10 21:35 . 2008-03-24 19:52 175,336 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-10 21:34 . 2008-04-10 21:34 <DIR> d-------- C:\NVIDIA
2008-04-10 21:34 . 2008-04-11 21:12 <DIR> d-------- C:\Documents and Settings\tom\Application Data\Xfire
2008-04-04 22:31 . 2008-04-04 22:31 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 19:40 --------- d-----w C:\Documents and Settings\tom\Application Data\Talkback
2008-04-10 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-10 19:01 --------- d-----w C:\Program Files\DIFX
2008-04-10 19:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-10 18:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-24 18:52 6,547,872 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-03-10 08:10 4,224 ----a-w C:\WINDOWS\system32\drivers\NVStrap.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WinMem"="D:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"RivaTunerStartupDaemon"="D:\Program Files\RivaTuner v2.08\RivaTuner.exe" [2008-03-10 09:10 2691072]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2008-03-24 19:52 86016]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2008-03-14 11:41 498176]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []

C:\Documents and Settings\tom\Start Menu\Programs\Startup\
Xfire.lnk - D:\Program Files\Xfire\xfire.exe [2008-04-04 22:30:56 2987856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PC Alert 4.lnk - D:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2008-04-10 21:43:59 552960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBqpME]
ljJBqpME.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Xfire\\xfire.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 PCAlertDriver;PCAlertDriver;D:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [2006-12-26 14:08]
R3 W8100PCI;Marvell Libertas 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2005-06-08 18:51]
S0 NVStrap;NVStrap;C:\WINDOWS\system32\drivers\NVStrap.sys [2008-03-10 09:10]
S3 dump_wmimmc;dump_wmimmc;d:\Program Files\DriftCity\GameGuard\dump_wmimmc.sys []
S3 HwIOctl;HwIOctl;C:\Program Files\MSI\Live Update 3\FlashUty\AMI\WinSFI\HwIOctl.sys []
S3 Memctl;Memctl;C:\Program Files\MSI\Live Update 3\FlashUty\AMI\WinSFI\Memctl.sys []

*Newly Created Service* - PCALERTDRIVER
*Newly Created Service* - WEBNTACCESS
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 23:42:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLASHSYS]
"ImagePath"="\??\C:\WINDOWS\System32\Drivers\FLASHSYS.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WEBNTACCESS]
"ImagePath"="\??\C:\WINDOWS\system32\NTACCESS.SYS"
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-11 23:44:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 22:44:27

Pre-Run: 2,364,481,536 bytes free
Post-Run: 2,308,218,880 bytes free
.
2008-04-11 08:28:24 --- E O F ---
```

This post has been edited by tom9927: Apr 11 2008, 04:48 PM
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising