Thread: HJT log
02-27-2005, 05:36 PM   #1
simplejonny
Registered User
Join Date: Feb 2005
Posts: 12
OS: Win2000
CoolWebSearch and more!

Hey, this is my first time asking for help this way, but I've broken down.
I have a few issues and I'm not sure if they're all connected or not, but here they are...

I have a recurring virus that my Windows will warn me of and my AVG antivirus tells me is a Trojan StartPage virus. The file is se.dll and is in doc+settings/admin/temp. Cleaning my system with Ad-Aware, AVG and CWShredder removes it, but it comes back.

I don't know if this file is connected to CWS or not, but I do know I have a version of CWS that could only be found by the newest update of CWShredder, and even when I do that, it comes back.

Finally, two separate items that I am concerned about:
1) avgamsvr.exe is using a LARGE amount of system memory when I look at my Task Manager, and
2) when I boot I am told I have an invalid boot.ini file and that the system will boot from WINNT.

In my quest to rid myself of CWS and whatever se.dll is I have followed the instructions laid out here (http://www.greyknight17.com/spyware.htm), and on top of that have run my AVG at least once in the last 24 hours. So here is my result from running HJT and the KRC HijackThis Analyzer in the hope that some of my questions can be answered. Any help (with any of my problems, if they are not all related) would be very greatly appreciated.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 2/10/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:30:05 PM, on 27/02/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\SVA Player\SVAPLAYER.EXE
C:\Program Files\LiveJournal\LiveJournal.exe
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=hc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=hc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.livejournal.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINNT\System32\wucrtupd.exe -startup
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [DMASwitch] C:\Program Files\CyberLink\PowerDVD\CLDMA.EXE 1 1
O4 - HKLM\..\Run: [WordPerfect Office 1115] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="WordPerfect Office 11" /date=040204 serial=WS11WTD-9999998-BHS
O4 - HKLM\..\Run: [hhnt] C:\WINNT\hhnt.exe
O4 - HKLM\..\Run: [TsH4G.exe] C:\documents and settings\administrator\local settings\temp\TsH4G.exe
O4 - HKLM\..\Run: [o7mg39l] mshwiz.exe
O4 - HKLM\..\Run: [Network Security Guard] C:\WINNT\System32\sg5e0ttrdy8v.exe
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINNT\system32\winmm64.exe
O4 - HKCU\..\Run: [ntnt] C:\WINNT\ntnt.exe
O4 - HKCU\..\Run: [syor] C:\WINNT\system32\syor.exe
O4 - HKCU\..\Run: [64sy64] C:\WINNT\system32\64sy64.exe
O4 - HKCU\..\Run: [3264] C:\WINNT\system32\3264.exe
O4 - HKCU\..\Run: [or3264] C:\WINNT\system32\or3264.exe
O4 - HKCU\..\Run: [orPE3232PE] C:\WINNT\system32\orPE3232PE.exe
O4 - HKCU\..\Run: [s-nts-mshh] C:\WINNT\system32\s-nts-mshh.exe
O4 - HKCU\..\Run: [ors-] C:\WINNT\ors-.exe
O4 - HKCU\..\Run: [PEs-mssy] C:\WINNT\PEs-mssy.exe
O4 - HKCU\..\Run: [sysysy] C:\WINNT\sysysy.exe
O4 - HKCU\..\Run: [32hhhhnt] C:\WINNT\32hhhhnt.exe
O4 - HKCU\..\Run: [or32nt] C:\WINNT\system32\or32nt.exe
O4 - HKCU\..\Run: [or32] C:\WINNT\or32.exe
O4 - HKCU\..\Run: [orms3232ms] C:\WINNT\orms3232ms.exe
O4 - HKCU\..\Run: [ms32ornt32] C:\WINNT\ms32ornt32.exe
O4 - HKCU\..\Run: [s-SP] C:\WINNT\system32\s-SP.exe
O4 - HKCU\..\Run: [hh64sySP] C:\WINNT\hh64sySP.exe
O4 - HKCU\..\Run: [PEnt64] C:\WINNT\PEnt64.exe
O4 - HKCU\..\Run: [32hhororSP] C:\WINNT\system32\32hhororSP.exe
O4 - HKCU\..\Run: [hhnt] C:\WINNT\hhnt.exe
O4 - Startup: LiveJournal.lnk = C:\Program Files\LiveJournal\LiveJournal.exe
O8 - Extra context menu item: LimeShop Preferences - file://c:\Program Files\topMoxie\TEMP\limeshop_script.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Q8276112.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yaho...yiebio4023.cab
O19 - User stylesheet: (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================
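The O4 block in the log above is the interesting part: a run of HKCU\..\Run entries whose names are built from the same handful of fragments (or, ms, nt, sy, hh, PE, SP, 32, 64, s-), one entry launched from the user's temp directory, one with a bare filename and no path, and one with a letter/digit soup name under a friendly label. That is the kind of pattern a helper scans a HijackThis log for by eye. The script below is an added example, not part of the original post and not code from HijackThis or the KRC Analyzer: it runs those heuristics over lines copied from this log. The fragment alphabet, the letter/digit switch cut-off and the reason strings are assumptions of the example, read off this particular log rather than taken from any published CWS signature, so treat the output as a shortlist for a human, not a verdict.

```python
import ntpath
import re
from typing import Dict, List

# Lines copied from the HijackThis log posted above (trimmed to keep this short).
SAMPLE_LOG = r"""
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINNT\System32\wucrtupd.exe -startup
O4 - HKLM\..\Run: [DMASwitch] C:\Program Files\CyberLink\PowerDVD\CLDMA.EXE 1 1
O4 - HKLM\..\Run: [hhnt] C:\WINNT\hhnt.exe
O4 - HKLM\..\Run: [TsH4G.exe] C:\documents and settings\administrator\local settings\temp\TsH4G.exe
O4 - HKLM\..\Run: [o7mg39l] mshwiz.exe
O4 - HKLM\..\Run: [Network Security Guard] C:\WINNT\System32\sg5e0ttrdy8v.exe
O4 - HKCU\..\Run: [syor] C:\WINNT\system32\syor.exe
O4 - HKCU\..\Run: [s-nts-mshh] C:\WINNT\system32\s-nts-mshh.exe
O4 - HKCU\..\Run: [ms32ornt32] C:\WINNT\ms32ornt32.exe
O4 - HKCU\..\Run: [32hhororSP] C:\WINNT\system32\32hhororSP.exe
O4 - Startup: LiveJournal.lnk = C:\Program Files\LiveJournal\LiveJournal.exe
""".strip()

# O4 Run-key line: "O4 - HKLM\..\Run: [name] command"
O4_RUN = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$')
# First ".exe" in the command, so arguments like "-startup" or "1 1" are dropped.
EXE_PATH = re.compile(r'^(?P<path>.*?\.exe)', re.IGNORECASE)
TEMP_DIR = re.compile(r'\\temp\\', re.IGNORECASE)

# Assumption: the fragment alphabet is read off the names in this log
# (syor, 64sy64, orPE3232PE, s-nts-mshh, ...). Any name that is a pure
# concatenation of these pieces is treated as generated.
FRAGMENTS = ('or', 'ms', 'nt', 'sy', 'hh', 'PE', 'SP', '32', '64', 's-')
FRAGMENT_NAME = re.compile('^(?:' + '|'.join(re.escape(f) for f in FRAGMENTS) + ')+$')
SWITCH_THRESHOLD = 3  # assumption: arbitrary cut-off, tune against your own logs


def class_switches(name: str) -> int:
    """Count letter<->digit switches; a name like sg5e0ttrdy8v scores high,
    ordinary product names (wucrtupd, CLDMA) score 0 or 1."""
    classes = ['d' if c.isdigit() else 'a' for c in name if c.isalnum()]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def check_run_entry(key: str, cmd: str) -> List[str]:
    """Heuristics for one Run-key entry; returns the reasons it looks wrong."""
    reasons: List[str] = []
    m = EXE_PATH.match(cmd)
    path = m.group('path') if m else cmd.split(' ', 1)[0]
    stem = ntpath.splitext(ntpath.basename(path))[0]
    if '\\' not in path:
        reasons.append('bare filename, located through the search path at logon')
    if TEMP_DIR.search(path):
        reasons.append('executable lives in a temp directory')
    if FRAGMENT_NAME.match(stem):
        reasons.append('name is a concatenation of the fragment alphabet')
    if max(class_switches(stem), class_switches(key)) >= SWITCH_THRESHOLD:
        reasons.append('letters and digits interleaved, looks machine-generated')
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Walk a HijackThis log and collect every line with at least one reason."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons: List[str] = []
        if '(file missing)' in line or '(no file)' in line:
            reasons.append('orphaned entry, the file it points at is gone')
        m = O4_RUN.match(line)
        if m:
            reasons.extend(check_run_entry(m.group('key'), m.group('cmd')))
        if reasons:
            findings.append({'line': line, 'reasons': reasons})
    return findings


def flagged_keys(log_text: str) -> List[str]:
    """Run-key names that triage() flagged, in log order."""
    keys: List[str] = []
    for finding in triage(log_text):
        m = O4_RUN.match(str(finding['line']))
        if m:
            keys.append(m.group('key'))
    return keys


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding['line'])
        for reason in finding['reasons']:
            print('    -', reason)
```

On the sample above the script leaves CriticalUpdate, DMASwitch and the LiveJournal startup shortcut alone and flags the eight Run entries a helper would have circled, plus the two orphaned O3 toolbars. It says nothing about se.dll itself: a DLL in a temp directory never shows up in a Run key, so a log like this only shows the executables that keep re-dropping it, which is why cleaning the file alone does not stick until the O4 entries and their binaries go too.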