Topic: Unknown virus? Urgent Need for Help!

Rail

  • Guest
Unknown virus? Urgent Need for Help!
« on: March 14, 2004, 03:13:42 PM »
Hi, my computer has been experiencing the following problems for over a month now:

- Unable to access internet: I usually access the internet by PCCW BroadBand, double click the icon, press connect and I get internet. Everything is fine up to then. But when I open IE, nothing happens and I get the usual no internet error.

- My sound device seems to have died: If I try to play a file in Windows Media Player, I get the error:

"Windows Media Player cannot play the file because there is a problem with your sound device. There may not be a sound device installed on your computer, it may be in use by another program, or it may not be functioning properly."

- My start menu bar seems to have changed color all by itself. From the usual blue bar and green start button, it has changed to the old Windows classic style, grey and boxlike. However, when I press the start button, the menu that is displayed is my normal XP theme. But this only happens a while after the computer boots up. If I don't wait, everything stays in the boxlike theme of Windows classic.


What I did:
So far I have ZoneAlarm and Avast installed. An Ad-Aware scan showed up clean. I ran CWShredder multiple times, and it always came up with "CWS.Xmlmimefilter" and "CWS.Aboutblank"; these files always showed up as removed. I don't know if that is any different. A thorough Avast! scan came up with a Win32:Trojan-gen. {UPX!} crawling around in my TEMP folders and C: folder. I removed them in safe mode.

Here is my HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 10:10:13 PM, on 2004-03-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Geoff\Desktop\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: ¶×¥X¦Ü Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079010448427
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38057.2127199074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Can somebody please help me? The problem has been going on for quite a while now. It even returns after a reformat! I would greatly appreciate it if somebody could help me.

Thank You
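
Added example, not part of any poster's message and not HijackThis's own code: a small Python triage pass over a log in the format posted above. It groups entries by the file or download host they point at, so one DLL registered under several sections shows up once, and it lists O4 autostart commands that carry no full path. The function names and the "no drive path" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1079010448427
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O2 - ...", "O16 - ..."
RUN = re.compile(r"^\S+: \[.+?\] (.+)$")         # O4 form: key: [name] command

def parse(log):
    """Return (section code, target) pairs; header and process lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        run = RUN.match(rest) if code == "O4" else None
        if code in ("O2", "O3", "O16"):          # last " - " field is the DLL or URL
            rest = rest.rsplit(" - ", 1)[-1]
        elif run:
            rest = run.group(1)
        out.append((code, rest))
    return out

def by_target(entries):
    """Map each file path or download host (lower-cased) to the sections naming it."""
    seen = defaultdict(set)
    for code, target in entries:
        is_url = target.lower().startswith("http")
        key = (urlsplit(target).hostname or target) if is_url else target
        seen[key.lower()].add(code)
    return dict(seen)

def unqualified_autostarts(entries):
    """O4 commands with no drive path; Windows resolves these by search order."""
    return [t for c, t in entries if c == "O4" and not re.match(r'^"?[A-Za-z]:\\', t)]

if __name__ == "__main__":
    found = parse(SAMPLE)
    for target, codes in sorted(by_target(found).items()):
        print(sorted(codes), target)
    print("no full path:", unqualified_autostarts(found))
```
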

whocares

  • Guest
Re:Unknown virus? Urgent Need for Help!
« Reply #1 on: March 14, 2004, 06:16:08 PM »
Quote
But when I open IE, nothing happens and I get the usual no internet error.

Hi,
Can you ftp any sites or ping any addresses (e.g. this forum: 66.98.166.72)?

- Have you checked whether your IE is by chance set to OFFLINE?
- Have you tried uninstalling/reinstalling your inet-connection / mediaplayer / sound card?
- Do you have all WINUpdates applied?
- Update cwshredder to the newest version (1.53.1), then you shouldn't get any more false positives about "aboutblank"

- You might want to remove/fix the google.toolbar entries in Hijackthis.log, if you don't need/trust them

Could also be hardware problems:
Have you checked your RAM, hard disk, network card etc. with diagnostic tools? (usually available from the vendor's website, or google)

Try also Spybot and online scanners from Trendmicro & www.RAVantivirus.com

Further links and details:
http://forum.avast.com/index.php?board=4;action=search

 ;)
« Last Edit: March 14, 2004, 06:17:27 PM by whocares »

Rail

  • Guest
Re:Unknown virus? Urgent Need for Help!
« Reply #2 on: March 17, 2004, 03:44:24 PM »
- Yes, I have checked that IE is not set to offline.
- I have tried reinstalling my inet-connection. Upon reinstalling my sound card, it is fixed and I have sound again, thanks  ;D.
- I have all win updates installed.
- I have yet to update my cwshredder, because my internet still does not work.
- I fixed the google.toolbar entries with no change.
- I don't have any hardware problems besides the hard drive. When I plugged another hard drive into the computer, everything worked fine.
- Still need to try Trend Micro HouseCall sometime, because I don't have internet so I can't scan my computer.

Thanks for the help. Though my internet still doesn't work for some mysterious reasons, I can now listen to music~~ ;D

Would much appreciate any more advice. Thanks

PS maybe I should just get a new comp, because I'm currently running on a P3 and a GeForce2 MX graphics card  :-\ ah well, see what happens.

Eddy

  • Avast Evangelist
Re:Unknown virus? Urgent Need for Help!
« Reply #3 on: March 17, 2004, 03:50:54 PM »
I see you have the google toolbar. Might be corrupted. Remove it, just for testing. I also see you have the MS security advisor. Remove this one/disable it. See if that brings any changes. Since your problem comes back even after a format and clean installation, it is likely caused by something you install.

Are there any errors in device manager?
Did you install the appropriate motherboard drivers?

whocares

  • Guest
Re:Unknown virus? Urgent Need for Help!
« Reply #4 on: March 17, 2004, 04:05:27 PM »
Quote
Can you ftp any sites or ping any addresses (e.g. this forum: 66.98.166.72)?

Could also be hardware problems:
Have you checked your network card etc. with diagnostic tools? (usually available from the vendor's website, or google)

What happens if you remove/uninstall the network card from within device manager?
After a reboot it should automatically be recognized and installed again.

Have you checked the relevant BIOS settings?
I remember I changed something there once, and my Inet connection also died.

You can download the up-to-date versions of the above programs from a different, too (which you seem to have access to, otherwise you wouldn't be posting here) ;)