this started about a week ago, while using msn mesenger it kept freezing up and being unresponsive for about 15-30 secs, then, yesterday i signed into msn and said hello to one of my contacts then it froze up, then my friend said "what are you sending me?" i hadn't sent him a file but he got a message saying i was trying to send him a file he cancelled it because maybe it was a virus trying to send itself and spread to his comp. so i thought this was wierd.

i usually have avast running all the time and i checked, it wasn't running so i went to start then avast and run it and it said missing shortcut. i went to program files and the avast folder was there and there were lots of things in there except for the actual avast.exe program. i tried to run spybot S&D, it was the same with this, missing shortcut, program files folder still there with all files in it for spybot except spybot.exe. so i kept this window open of the spybot folder and downloaded and installed spybot again.

as it was installing the spybot.exe and a few other files appeared in the folder, which they should do. but then they dissapeared again before my eyes, maybe a virus deleted them? i done the same with avast and the same happened. so i rebooted into safe mode only to get BSOD.
i rebooted into safe mode for diagnostic or something, installed avast and spybot, completely scanned everything with them both, they found a few things and deleted them all. then i rebooted into normal mode. internet didnt work, spybot and avast had been deleted again. as a last resort i tried system restore to about 1 week ago, it rebooted and everything then said it cant restore to that date. i tried a few other dates and it cant restore to those either. i can usually solve problems with comps and am quite computer literate but this has stumped me. the only thing i can think of now is using the win xp cd and repairing my windows installation. i don't want to do that because it resets settings and it takes time etc. is there any other way to fix this? now i'm posting on here with another computer. what is doing this and what can i do?

Hi killo, Athlon is correct.
Can you please follow the prework link in my signiture, and post the resulting logs back here?

One of our security team members will be able to look at them for you

ok i have run hijack this, here are my results:

Logfile of HijackThis v1.99.1
Scan saved at 9:00:36 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


I think thats really wierd, I've never known any malware, or viruses etc to actually delete antivirus and antispyware programs like that and then delete them again, while they were installing!

thanks Killo,

i've moved your thread to the HJT log forum. One of the security team will be along to examine it for you

Hi
I dont see any problems in your log.It all looks fine.Give this a go......



1. If the issue co-incides with installation of new software, uninstall any new programs from Add/Remove Programs in Control Panel and reboot.

2. If the issue co-incides with the installation of a driver or other hardware related component, roll back or uninstall the driver/disconnect the hardware and reboot.

3. Run Disk Cleanup and download and run ATF Cleaner. Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser.

4. Have you defragged recently? If not, please do so. Win9x/ME users should run scandisk first.

5. If the problem is only when you connect to the Internet, have you spoken to your ISP? If not, please do so before posting a log.

6. Boot into Safe Mode and compare Safe Mode with your normal startup in Windows. Safe Mode should be slower due to more conservative settings but if it's faster, the problem is probably software related and this could include malware.

7. Check for unnecessary startups. Use msconfig (Start > Run and type msconfig and ok. Click on the Startup Tab and uncheck any startups that are not required). You can check which programs are required to run at startup here (N = No, U = User Defined in other words maybe, Y = Yes). Just feed in the startup item and search.

1. i haven't installed any new software recently
2. i haven't installed any new drivers recently
3. i have run ccleaner and advanced windows care
4. i have run chkdsk c: /r and have defragged recently
5. the internet doesn't work anymore
6. i can't boot into safe mode, i get a BSOD
7. i have done that, still got problems

again, I've never known any malware, or viruses etc to actually delete antivirus and antispyware programs like that and then delete them again, while they were installing! what are your thoughts on this? could it be a virus deleting them?

All I can suggest for the moment is to go back and do a System Restore back to before you had the problem....