Options
same old problem with the IE error
So, my computer went crazy one day and i really got sick of it until i realized i need this stupid computer. instead of a normal, decent wallpaper i have a blue screen with something saying: A fatal error occured in IE, bla bla, caused by Trojan-Spy.HTML.Smitfraud.c...
and since that horrible day web browsers open by themselves, lots of porn desktop icons can't be deleted, and so on...
anyway, if u think there's an escape, here's that log:
Logfile of HijackThis v1.99.1
Scan saved at 1:32:52 AM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\FREESP~1\SpyWatcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\windows\system32\yiljpni.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.50.173.4 lycos.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {7C3DE5F9-BCA0-4E81-843B-585DDE1CDA40} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC-TV FM Remote Control.lnk = C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {AE33D9C5-994F-4111-B597-065D48554F94} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AE33D9C5-994F-4111-B597-065D48554F94} - (no file) (HKCU)
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: zzzxSYSTEM_32 - Unknown owner - C:\WINDOWS\System32\zzzxpcl3nl.exe
and since that horrible day web browsers open by themselves, lots of porn desktop icons can't be deleted, and so on...
anyway, if u think there's an escape, here's that log:
Logfile of HijackThis v1.99.1
Scan saved at 1:32:52 AM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\FREESP~1\SpyWatcher.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\windows\system32\yiljpni.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.50.173.4 lycos.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {7C3DE5F9-BCA0-4E81-843B-585DDE1CDA40} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC-TV FM Remote Control.lnk = C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {AE33D9C5-994F-4111-B597-065D48554F94} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AE33D9C5-994F-4111-B597-065D48554F94} - (no file) (HKCU)
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: zzzxSYSTEM_32 - Unknown owner - C:\WINDOWS\System32\zzzxpcl3nl.exe
0
Comments
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 69.50.173.4 lycos.com
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {7C3DE5F9-BCA0-4E81-843B-585DDE1CDA40} - blank (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {AE33D9C5-994F-4111-B597-065D48554F94} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AE33D9C5-994F-4111-B597-065D48554F94} - (no file) (HKCU)
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O23 - Service: zzzxSYSTEM_32 - Unknown owner - C:\WINDOWS\System32\zzzxpcl3nl.exe
Fix those entries then find and delete the following files:
C:\WINDOWS\Nail.exe
C:\WINDOWS\Bolger.dll
C:\WINDOWS\System32\zzzxpcl3nl.exe
Then reboot your computer and post a new log.
and couldn't find
C:\WINDOWS\System32\zzzxpcl3nl.exe
Logfile of HijackThis v1.99.1
Scan saved at 2:37:20 AM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\FREESP~1\SpyWatcher.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\windows\system32\dlvvjug.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC-TV FM Remote Control.lnk = C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
Fix those entries then find and delete Nail.exe, reboot and post a new log.
Logfile of HijackThis v1.99.1
Scan saved at 9:48:29 AM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\FREESP~1\SpyWatcher.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\windows\system32\fspprqa.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0179/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC-TV FM Remote Control.lnk = C:\Program Files\JETWAY\PC-TV FM\RemoteCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
somehow i managed to make the desktop look ok. i mean the blue wallpaper is gone, i have a normal wallpaper now, but the shortcuts are still there, and web pages still open every few minutes. what to do what to do....