[c00per]

Hello,
I didn't know where exactly to post this because I have couple problems but Numb Remxed suggested starting a new thread in the malware forum with an updated hijackthis log.
I had already started topic HERE but my helper couldn't solve all my problems because he has his own problems I guess...

Problems:
1. There's something wrong with my internet connection:
Internet Explorer doesn't work [PHOTO]
Opera also doesn't work [PHOTO]
But Mozilla and Firefox works fine...
Also I can't update Antivirus & AntiSpyware programs.
But other programs like Skype and various downloaders works fine...

2. There's something wrong with my desktop. All icons and taskbar have disappeared [PHOTO]

3. There's something wrong with the startup. It takes very long to load because when "Welcome" window appears [PHOTO] it just jams up or freezes for about 30 seconds.

4. Sometimes explorer just goes crazy and I don't how to describe it [PHOTO1; PHOTO2; PHOTO3; PHOTO4]

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 14:20:38, on 2006.07.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.118.2.218:80
F2 - REG:system.ini: Shell=
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E47F6F85-CC61-4376-BC1D-C49F0F7C7414} - C:\WINDOWS\system32\odmp.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowUser\suatshut.exe
O4 - HKLM\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMONITOR.EXE
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Vartotojas\My Documents\Software\RapGet\rapget.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fyrlekkh] C:\feupftof.bat
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mrutkyqi] C:\fjgcxrrp.bat
O4 - HKLM\..\Run: [qcmvcmti] C:\boragmnx.bat
O4 - HKLM\..\Run: [enydbdse] C:\jxpctuat.bat
O4 - HKLM\..\Run: [kidldtdn] C:\rljhyjxa.bat
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\dap\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Setup] C:\Program Files\Setup\Setup.exe
O4 - HKLM\..\Run: [MP3 Alarm Clock] C:\Program Files\MP3 Alarm Clock\mp3alarmclock.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [DAP Cleanup] C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\DAPREMOVE.EXE /CLEANUP /DIR="C:\PROGRA~1\DAP"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Alcohol 4.03.5.3823 Setup] "C:\Documents and Settings\Vartotojas\My Documents\Alcohol 120% 1.9.5.3823\Alcohol120_retail_1.9.5.3823.exe"
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: WinAmp.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Program Files\ShadowStor\ShadowUser\ShadowUser.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\dap\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\dap\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129151998062
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O20 - AppInit_DLLs: vsmvhk.dll
O20 - Winlogon Notify: sunotify - C:\WINDOWS\SYSTEM32\sunotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Auto Power-on (AutoPower) - Unknown owner - C:\Program Files\Auto Power-on\AutoPower.exe (file missing)
O23 - Service: CYWGHNOEAQQUFM - Unknown owner - C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\CYWGHNOEAQQUFM.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[c00per]

Hi Falu,
D.amn, I was looking only in Waiting room and I didn't see that you have already replied.

HijackThis [Updated on July 11]
Logfile of HijackThis v1.99.1
Scan saved at 06:21:06, on 2006.07.11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\dap\DAP.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.118.2.218:80
F2 - REG:system.ini: Shell=
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E47F6F85-CC61-4376-BC1D-C49F0F7C7414} - C:\WINDOWS\system32\odmp.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowUser\suatshut.exe
O4 - HKLM\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMONITOR.EXE
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Vartotojas\My Documents\Software\RapGet\rapget.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fyrlekkh] C:\feupftof.bat
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mrutkyqi] C:\fjgcxrrp.bat
O4 - HKLM\..\Run: [qcmvcmti] C:\boragmnx.bat
O4 - HKLM\..\Run: [enydbdse] C:\jxpctuat.bat
O4 - HKLM\..\Run: [kidldtdn] C:\rljhyjxa.bat
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\dap\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Setup] C:\Program Files\Setup\Setup.exe
O4 - HKLM\..\Run: [MP3 Alarm Clock] C:\Program Files\MP3 Alarm Clock\mp3alarmclock.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [DAP Cleanup] C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\DAPREMOVE.EXE /CLEANUP /DIR="C:\PROGRA~1\DAP"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [adobemgr] C:\WINDOWS\system32\adobemgr.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Alcohol 4.03.5.3823 Setup] "C:\Documents and Settings\Vartotojas\My Documents\Alcohol 120% 1.9.5.3823\Alcohol120_retail_1.9.5.3823.exe"
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: WinAmp.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Program Files\ShadowStor\ShadowUser\ShadowUser.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\dap\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\dap\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129151998062
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DA50103-E154-4E37-A53C-5F10662D2484}: NameServer = 212.59.0.1 212.59.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O20 - AppInit_DLLs: vsmvhk.dll
O20 - Winlogon Notify: sunotify - C:\WINDOWS\SYSTEM32\sunotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Auto Power-on (AutoPower) - Unknown owner - C:\Program Files\Auto Power-on\AutoPower.exe (file missing)
O23 - Service: CYWGHNOEAQQUFM - Unknown owner - C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\CYWGHNOEAQQUFM.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[c00per]

Hi Falu and thanks for your help

After I removed bad entries with HijackThis, it asked for reboot. And after that desktop icons and taskbar [which was missing - I wrote about that in my first post] RETURNED!!! But... When I rebooted to safe mode, finished your tasks and rebooted again desktop icons and taskbar was missing again... Overall, I still have all problems listed in my firsts post...

And I completed all your tasks except that I didn't find these files:

Quote

C:\WINDOWS\system32\odmp.dll
C:\feupftof.bat
C:\fjgcxrrp.bat
C:\boragmnx.bat
C:\jxpctuat.bat
C:\rljhyjxa.bat
C:\WINDOWS\system32\adobemgr.exe

Ewido
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 07:01:59, 2006.07.12
+ Report-Checksum: A043AC73

+ Scan result:

:mozilla.24:C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Profiles\default\uz0rf81f.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Profiles\default\uz0rf81f.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Profiles\default\uz0rf81f.slt\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Profiles\default\uz0rf81f.slt\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Program Files\Install Creator\Uninstal.exe -> Adware.EShoper : Cleaned with backup
D:\My Documents\My Music\HouPass\Download_Agreement.exe -> Adware.Agent : Cleaned with backup
D:\My Documents\My Music\HouPass\Free_Mp3-SearchEngine.exe -> Adware.Agent : Cleaned with backup
D:\My Documents\My Music\HouPass\Mp3_License.exe -> Adware.Agent : Cleaned with backup
D:\My Documents\My Music\HouPass\Mp3_PlugIn.exe -> Adware.Agent : Cleaned with backup
D:\My Documents\Software\rapidharvest2.zip/mp3_plugin.exe -> Downloader.IstBar : Cleaned with backup

::Report End


HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 07:36:31, on 2006.07.12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.118.2.218:80
F2 - REG:system.ini: Shell=
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowUser\suatshut.exe
O4 - HKLM\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMONITOR.EXE
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [Rapget] C:\Documents and Settings\Vartotojas\My Documents\Software\RapGet\rapget.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Setup] C:\Program Files\Setup\Setup.exe
O4 - HKLM\..\Run: [MP3 Alarm Clock] C:\Program Files\MP3 Alarm Clock\mp3alarmclock.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe /Q
O4 - HKCU\..\Run: [SpyBlocs] C:\Program Files\eBlocs\SpyBlocs\GLF48.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: WinAmp.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Program Files\ShadowStor\ShadowUser\ShadowUser.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129151998062
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DA50103-E154-4E37-A53C-5F10662D2484}: NameServer = 212.59.0.1 212.59.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O20 - AppInit_DLLs: vsmvhk.dll
O20 - Winlogon Notify: sunotify - C:\WINDOWS\SYSTEM32\sunotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Auto Power-on (AutoPower) - Unknown owner - C:\Program Files\Auto Power-on\AutoPower.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[c00per]

Hi Falu and thanks for your help

My desktop icons and taskbar returned again But now I fear to turn off my pc because I'm afraid that icons and taskbar will disappear again. And it looks like the other problems remained.

Update
I've restarted my pc couple times and it looks like problems 2 and 3 are solved - desktop icons and taskbar didn't disappear and startup length is normal again
Don't know about problem 4 so it looks like the only left problem is internet connection - IE and Opera don't work and I can't update antivirus and antispyware programs. And also pc is kinda slow but I think I can live with that.

And I completed all your tasks except that I didn't find these files:

Quote

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\se.dll,DllInstall
eblocs
SpyBlocs
C:\Program Files\eBlocs
C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\se.dll

Ab LogFile
AboutBuster 6.03
Scan started on [2006.07.13] at [20:06:48]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 20:10:33


AboutBuster 6.03
Scan started on [2006.07.13] at [20:18:45]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 20:22:23


HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 21:39:13, on 2006.07.13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Folding@Home\FahCore_7a.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.118.2.218:80
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowUser\suatshut.exe
O4 - HKLM\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMONITOR.EXE
O4 - HKLM\..\Run: [DeskCalc] "c:\program files\deskcalc pro\deskcalc.exe" /hide
O4 - HKLM\..\Run: [MP3 Alarm Clock] C:\Program Files\MP3 Alarm Clock\mp3alarmclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe /Q
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: WinAmp.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Program Files\ShadowStor\ShadowUser\ShadowUser.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129151998062
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DA50103-E154-4E37-A53C-5F10662D2484}: NameServer = 212.59.0.1 212.59.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O20 - AppInit_DLLs: vsmvhk.dll
O20 - Winlogon Notify: sunotify - C:\WINDOWS\SYSTEM32\sunotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Auto Power-on (AutoPower) - Unknown owner - C:\Program Files\Auto Power-on\AutoPower.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[c00per]

Hi Falu and thanks very much for your help

I've restarted my pc couple times and it looks like problems 2 and 3 are solved - desktop icons and taskbar didn't disappear and startup length is normal again

Don't know about problem 4 - it didn't appeared for a couple days - so it looks like the only left problem is internet connection - IE and Opera don't work and I can't update antivirus and antispyware programs. And also pc is kinda slow but I think I can live with that.

But this time I couldn't complete none of your tasks

Quote

Download and Save Blacklight to your desktop

When I open that page I always get this message:

F-Secure.com said:

A system error reading a resource occured!
Server error 404
Not Found
The page you requested was not found on server, please go back and try again.

Probably you used an outdated link or an old bookmark.

If you followed a link on our site, please try it again in a few minutes.

Quote

Do an online scan with Kaspersky WebScanner

Kaspersky Online Scanner works only with MS Internet Explorer 5.0 or higher - you know that my IE doesn't work.

Quote

Please go HERE to run Panda's ActiveScan

ActiveScan requires the browser Microsoft Internet Explorer 5.0 or later version - you know that my IE doesn't work.

Quote

C:\Program Files\eBlocs<< folder
C:\PROGRA~1\YETISP~1\IEBUTT~1.DLL<< file
C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\se.dll<< file

I still couldn't find these.

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 22:31:40, on 2006.07.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MP3 Alarm Clock\mp3alarmclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Analog Clock\AnalogClock.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ShadowStor\ShadowUser\ShadowUser.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Folding@Home\FahCore_7a.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.118.2.218:80
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SuNotification] C:\Program Files\ShadowStor\ShadowUser\suatshut.exe
O4 - HKLM\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMONITOR.EXE
O4 - HKLM\..\Run: [DeskCalc] "c:\program files\deskcalc pro\deskcalc.exe" /hide
O4 - HKLM\..\Run: [MP3 Alarm Clock] C:\Program Files\MP3 Alarm Clock\mp3alarmclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe /Q
O4 - HKCU\..\Run: [AnalogClock] C:\Program Files\Analog Clock\AnalogClock.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: WinAmp.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Program Files\ShadowStor\ShadowUser\ShadowUser.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129151998062
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A287A7-5FD1-42AD-B594-478A8ECF975E}: NameServer = 212.59.0.1,212.59.0.2
O20 - AppInit_DLLs: vsmvhk.dll
O20 - Winlogon Notify: sunotify - C:\WINDOWS\SYSTEM32\sunotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Auto Power-on (AutoPower) - Unknown owner - C:\Program Files\Auto Power-on\AutoPower.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: rpcapd - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[c00per]

Hi Falu
I managed to download Blacklight. Your link didn't worked for me because I live in Europe and there's a little bit different link to download Blacklight. And it looks like Blacklight didn't find anything bad:

Quote

07/15/06 05:56:52 [Info]: BlackLight Engine 1.0.42 initialized
07/15/06 05:56:52 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/15/06 05:56:52 [Note]: 7019 4
07/15/06 05:56:52 [Note]: 7005 0
07/15/06 05:56:57 [Note]: 7006 0
07/15/06 05:56:57 [Note]: 7011 3780
07/15/06 05:56:57 [Note]: 7026 0
07/15/06 05:56:58 [Note]: 7026 0
07/15/06 05:57:03 [Note]: FSRAW library version 1.7.1019
07/15/06 06:03:41 [Note]: 7007 0

[c00per]

Hi Falu

1. Spybot Search & Destroy and AdAware didn't find anything bad except couple cookies.

2. I uninstalled older Java versions and updated the latest version.

3. I didn't receive the "DllRegisterServer in urlmon.dll succeeded" message only when I typed Mshtml.dll:


But this didn't resolve the problem, IE, Opera, Microsoft AntiSpyware, XoftSpySE and Nod32 still can't connect to the internet
?

[c00per]

For Internet Explorer I think the problem could be that no matter what website I want to open Internet Explorer is always "connecting to site 200.118.2.218".

[c00per]

Hi Falu
Well, if my pc is clean then I would like to thank you I really appreciate your help and the most important thing is that your help was really useful. I asked many people what to do with my problems - they simply suggested to reinstall Windows - but you were the only one, who managed to solve them without that So thank you again for help and of course for future recommendations Farewell!