Author Topic: help with windows xp mce!  (Read 10201 times)

patio

  • Moderator


Re: help with windows xp mce!
« Reply #15 on: April 26, 2007, 08:19:28 PM »
I find it hard to believe that had you taken the steps outlined that the baddie would still be there...

Am I missing something???
" Anyone who goes to a psychiatrist should have his head examined. "

CBMatt

  • Mod & Malware Specialist


Re: help with windows xp mce!
« Reply #16 on: April 26, 2007, 11:26:45 PM »
Have you been doing these scans in Safe Mode?
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

eman619

    Topic Starter


    Beginner
    Re: help with windows xp mce!
    « Reply #17 on: April 27, 2007, 12:36:55 AM »
    Yeah, I have done the scans in safe mode!

    CBMatt

    Re: help with windows xp mce!
    « Reply #18 on: April 27, 2007, 03:44:58 AM »
    Odd.  Well, taking a brief look at shows some instances of infection, but it's a few days old, so would you mind posting a new log?  A fresh log will show us what's still lurking about that may be going undetected.  I'm coming in a little late on this one and looking at an old log would be a waste of time because certain infections may be gone now, and there might also be new ones.  Also, you'll want to move HijackThis to another location.  You have it in a temporary folder, where it will eventually get deleted.  Make a new folder (like C:/Program Files/HJT for example) and move the program (and its backup folder if you can find it) to that new location.

    eman619

      Re: help with windows xp mce!
      « Reply #19 on: April 27, 2007, 02:19:05 PM »
      Ok. Here's my new HijackThis log:
      Logfile of HijackThis v1.99.1
      Scan saved at 1:16:54 PM, on 4/27/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      K:\WINDOWS\System32\smss.exe
      K:\WINDOWS\system32\winlogon.exe
      K:\WINDOWS\system32\services.exe
      K:\WINDOWS\system32\lsass.exe
      K:\WINDOWS\system32\Ati2evxx.exe
      K:\WINDOWS\system32\svchost.exe
      K:\WINDOWS\System32\svchost.exe
      K:\WINDOWS\system32\spoolsv.exe
      K:\WINDOWS\system32\Ati2evxx.exe
      K:\WINDOWS\Explorer.EXE
      K:\WINDOWS\ehome\ehtray.exe
      K:\WINDOWS\SOUNDMAN.EXE
      K:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      K:\WINDOWS\AGRSMMSG.exe
      K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      K:\Program Files\Softwin\BitDefender10\bdmcon.exe
      K:\Program Files\Softwin\BitDefender10\bdagent.exe
      K:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
      K:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      K:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      K:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      K:\WINDOWS\eHome\ehRecvr.exe
      K:\WINDOWS\eHome\ehSched.exe
      K:\WINDOWS\system32\svchost.exe
      K:\Program Files\Wavexpress\TVTonic\WXRSS.exe
      K:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
      K:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
      K:\WINDOWS\system32\dllhost.exe
      K:\WINDOWS\eHome\ehmsas.exe
      K:\Program Files\BitComet\BitComet.exe
      K:\Program Files\Mozilla Firefox\firefox.exe
      K:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
      K:\Program Files\Softwin\BitDefender10\vsserv.exe
      K:\Program Files\Softwin\BitDefender10\bdlite.exe
      K:\Program Files\Hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
      O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - K:\WINDOWS\system32\ipv6mops.dll (file missing)
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - K:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {8635DFA3-7911-4DC0-88F1-EF8640EB2EA2} - k:\windows\system32\gkeagke.dll >(THIS IS THE TROJAN, WELL I THINK)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - K:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: MS Explorer - {9A5C9584-DE98-310B-21A1-899F87184987} - K:\WINDOWS\system\wmdcst32.dll
      O4 - HKLM\..\Run: [ehTray] K:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [ATIPTA] K:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] K:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [AVG7_CC] K:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [THGuard] "K:\Program Files\TrojanHunter 4.6\THGuard.exe"
      O4 - HKLM\..\Run: [BDMCon] "K:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
      O4 - HKLM\..\Run: [BDAgent] "K:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "K:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "K:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [FreeRAM XP] "K:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
      O4 - Global Startup: TVTonic Tray.lnk = K:\Program Files\Wavexpress\TVTonic\WXTray.exe
      O8 - Extra context menu item: &D&ownload &with BitComet - res://K:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: &D&ownload all video with BitComet - res://K:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O8 - Extra context menu item: &D&ownload all with BitComet - res://K:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - K:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - K:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: uybhcgao - K:\WINDOWS\SYSTEM32\gkeagke.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - K:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - K:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - K:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - K:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - K:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - K:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
      O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - K:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
      O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - K:\Program Files\Wavexpress\TVTonic\WXRSS.exe
      O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - K:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)