
Trojan BHO & Vundo

41 replies to this topic

#1 AshleyO (Members, 32 posts)

Posted 11 April 2009 - 01:45 AM

Hi,

Romeo29 said I need to post here as my system has been compromised. Here is my original topic with all the background info.

http://www.bleepingcomputer.com/forums/t/218436/multiple-end-program-windows-upon-shutdown/

Thanks in advance for any and all help, much appreciated. :thumbup2: I just want my computer back the way it was last week.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Ashley E. Oettinger at 23:06:43.95 on Fri 04/10/2009
Internet Explorer: 6.0.2900.5512

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.8.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [P2kAutostart]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [HostManager] c:\program files\common files\aol\1139197320\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NSWosCheck] "c:\program files\norton systemworks\osCheck.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL , ,
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-04-10 18:09 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-10 18:07 --d----- c:\program files\SUPERAntiSpyware
2009-04-10 18:07 --d----- c:\docume~1\ashley~1.oet\applic~1\SUPERAntiSpyware.com
2009-04-10 18:06 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-10 15:08 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-10 15:08 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-10 15:08 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-04-10 15:08 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-04-10 15:07 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-04-10 15:07 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-04-10 15:07 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-04-10 15:07 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-04-10 15:07 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-04-10 15:07 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-04-10 15:07 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-04-10 15:07 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-04-10 15:05 9,216 a------- c:\windows\system32\dllcache\wamps51.dll
2009-04-10 15:04 113,762 a------- c:\windows\system32\dllcache\usrpda.sys
2009-04-10 15:03 50,176 a------- c:\windows\system32\dllcache\umaxp60.dll
2009-04-10 15:02 230,912 a------- c:\windows\system32\dllcache\tosdvd03.sys
2009-04-10 15:01 94,293 a------- c:\windows\system32\dllcache\sxports.dll
2009-04-10 15:00 24,660 a------- c:\windows\system32\dllcache\spxupchk.dll
2009-04-10 14:59 24,576 a------- c:\windows\system32\dllcache\smc8000n.sys
2009-04-10 14:58 252,032 a------- c:\windows\system32\dllcache\sis300iv.dll
2009-04-10 14:58 101,760 a------- c:\windows\system32\dllcache\sis300ip.sys
2009-04-10 14:58 18,944 a------- c:\windows\system32\dllcache\simptcp.dll
2009-04-10 14:58 161,568 a------- c:\windows\system32\dllcache\sgsmusb.sys
2009-04-10 14:58 18,400 a------- c:\windows\system32\dllcache\sgsmld.sys
2009-04-10 14:58 98,080 a------- c:\windows\system32\dllcache\sgiulnt5.sys
2009-04-10 14:58 386,560 a------- c:\windows\system32\dllcache\sgiul50.dll
2009-04-10 14:58 36,480 a------- c:\windows\system32\dllcache\sfmanm.sys
2009-04-10 14:58 6,784 a------- c:\windows\system32\dllcache\serscan.sys
2009-04-10 14:58 17,664 a------- c:\windows\system32\dllcache\sermouse.sys
2009-04-10 14:58 26,112 a------- c:\windows\system32\dllcache\EXCH_seos.dll
2009-04-10 14:56 62,496 a------- c:\windows\system32\dllcache\s3mtrio.dll
2009-04-10 14:55 23,040 a------- c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-04-10 14:54 33,280 a------- c:\windows\system32\dllcache\psisrndr.ax
2009-04-10 14:53 105,984 a------- c:\windows\system32\dllcache\phdsext.ax
2009-04-10 14:52 31,872 a------- c:\windows\system32\dllcache\ovce.sys
2009-04-10 14:52 28,032 a------- c:\windows\system32\dllcache\ovcd.sys
2009-04-10 14:52 48,000 a------- c:\windows\system32\dllcache\ovcam2.sys
2009-04-10 14:52 25,088 a------- c:\windows\system32\dllcache\ovca.sys
2009-04-10 14:52 54,186 a------- c:\windows\system32\dllcache\otcsercb.sys
2009-04-10 14:52 43,689 a------- c:\windows\system32\dllcache\otceth5.sys
2009-04-10 14:52 27,209 a------- c:\windows\system32\dllcache\otc06x5.sys
2009-04-10 14:52 54,528 a------- c:\windows\system32\dllcache\opl3sax.sys
2009-04-10 14:52 61,696 a------- c:\windows\system32\dllcache\ohci1394.sys
2009-04-10 14:52 198,144 a------- c:\windows\system32\dllcache\nv3.sys
2009-04-10 14:52 123,776 a------- c:\windows\system32\dllcache\nv3.dll
2009-04-10 14:51 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys
2009-04-10 14:51 38,912 a------- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-04-10 14:51 9,344 a------- c:\windows\system32\dllcache\ntapm.sys
2009-04-10 14:51 7,552 a------- c:\windows\system32\dllcache\nsmmc.sys
2009-04-10 14:51 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
2009-04-10 14:51 87,040 a------- c:\windows\system32\dllcache\nm6wdm.sys
2009-04-10 14:51 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-04-10 14:51 53,248 a------- c:\windows\system32\dllcache\nextlink.dll
2009-04-10 14:51 32,840 a------- c:\windows\system32\dllcache\ngrpci.sys
2009-04-10 14:51 132,695 a------- c:\windows\system32\dllcache\netwlan5.sys
2009-04-10 14:51 65,278 a------- c:\windows\system32\dllcache\netflx3.sys
2009-04-10 14:49 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2009-04-10 14:49 49,024 a------- c:\windows\system32\dllcache\mstape.sys
2009-04-10 14:49 12,416 a------- c:\windows\system32\dllcache\msriffwv.sys
2009-04-10 14:49 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-04-10 14:49 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-04-10 14:49 1,875,968 a------- c:\windows\system32\dllcache\msir3jp.lex
2009-04-10 14:49 98,304 a------- c:\windows\system32\dllcache\msir3jp.dll
2009-04-10 14:49 35,200 a------- c:\windows\system32\dllcache\msgame.sys
2009-04-10 14:49 6,016 a------- c:\windows\system32\dllcache\msfsio.sys
2009-04-10 14:49 56,832 a------- c:\windows\system32\dllcache\msdvbnp.ax
2009-04-10 14:49 51,200 a------- c:\windows\system32\dllcache\msdv.sys
2009-04-10 14:49 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-04-10 14:47 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2009-04-10 14:46 9,216 a------- c:\windows\system32\dllcache\kbdnecat.dll
2009-04-10 14:45 151,552 a------- c:\windows\system32\dllcache\irftp.exe
2009-04-10 14:44 61,952 a------- c:\windows\system32\dllcache\icam4ext.dll
2009-04-10 14:43 73,279 a------- c:\windows\system32\dllcache\hsf_spkp.sys
2009-04-10 14:42 123,392 a------- c:\windows\system32\dllcache\hpgt21tk.dll
2009-04-10 14:41 92,160 a------- c:\windows\system32\dllcache\fuusd.dll
2009-04-10 14:40 45,056 a------- c:\windows\system32\dllcache\esunid.dll
2009-04-10 14:39 18,503 a------- c:\windows\system32\dllcache\epro4.sys
2009-04-10 14:38 26,698 a------- c:\windows\system32\dllcache\dlh5xnd5.sys
2009-04-10 14:37 28,672 a------- c:\windows\system32\dllcache\cyycoins.dll
2009-04-10 14:36 236,032 a------- c:\windows\system32\dllcache\camext20.dll
2009-04-10 14:35 23,552 a------- c:\windows\system32\dllcache\atixbar.sys
2009-04-10 14:34 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-04-10 14:34 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-04-10 14:34 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-04-10 14:34 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-04-10 14:34 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-04-10 14:34 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-04-10 14:34 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-04-10 14:34 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-10 14:33 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-04-09 01:09 --d----- c:\program files\Spybot - Search & Destroy
2009-04-09 00:47 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-09 00:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-08 22:20 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-08 22:01 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-08 22:01 --d----- c:\program files\Lavasoft
2009-04-08 19:08 --d----- c:\program files\a-squared Free
2009-04-08 11:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-08 11:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-08 11:11 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 00:50 --d----- c:\docume~1\ashley~1.oet\applic~1\Malwarebytes
2009-04-08 00:48 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-07 17:17 --d----- C:\af3a766660b43e9ae8698a0306709dcd
2009-04-05 19:45 --d----- c:\windows\system32\KB905474
2009-04-03 18:48 --dsh--- c:\documents and settings\ashley e. oettinger\PrivacIE
2009-04-03 18:43 --dsh--- c:\documents and settings\ashley e. oettinger\IETldCache
2009-04-03 18:25 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-03 18:25 81,920 a------- c:\windows\system32\dllcache\ieencode.dll
2009-04-03 18:20 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-04-03 16:48 --d----- c:\windows\system32\appmgmt

==================== Find3M ====================

2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\SET19A.tmp
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 12:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\dllcache\win32k.sys

============= FINISH: 23:08:45.85 ===============

#2 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 24 April 2009 - 03:31 PM

Hello AshleyO,

Sorry about the delay. :thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 AshleyO (Topic Starter, Members, 32 posts)

Posted 24 April 2009 - 04:47 PM

Hi Tea,

Thanks for getting back to me. I still need help... the problem is getting worse. Lots of hesitation and slowness. Since I last posted I have not made any changes to my system. I have noticed something else about my system, but am not sure what it means, if anything... I cannot launch programs from the task bar. I usually have to go to Start and scroll up, or go to All Programs, to launch. Even when I do that it takes quite a long time, at least 1-2 minutes.

Anyway, as requested below is my HijackThis log.

Thanks for your help.

Ashley

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:50 PM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\common files\aol\1139197320\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1139197320\EE\aolsoftware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\AOL\1139197320\EE\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Ashley E. Oettinger\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139197320\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Filter hijack: text/html - {115cddb7-a95c-487e-81f4-b579e0a5c08a} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL , ,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 18054 bytes

#4 teacup61 (Bleepin' Texan!)

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 April 2009 - 05:40 PM

Hello,

You're welcome. :thumbup2:

Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click "Back up Hosts files".
* Then click "Restore MS Hosts File".
* Close the program.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Filter hijack: text/html - {115cddb7-a95c-487e-81f4-b579e0a5c08a} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
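The O1 entries teacup61 lists are a hosts-file redirect: many names, including a real microsoft.com host, all sent to one remote address. As an added example that is not from the thread or from HostsXpert/HijackThis, here is the check a reviewer would run over such a file before fixing it; the sample hosts content, the vendor watch lists and the function names are constructed for illustration.

```python
"""Flag hosts-file entries that redirect names, as in the O1 lines above.

Constructed example. A hosts file normally maps names only to loopback,
so names sent to one remote address, real vendor domains that are
overridden, and vendor look-alike names are what a reviewer flags.
"""
import ipaddress
import re
from collections import defaultdict

# On Windows the file lives at %SystemRoot%\system32\drivers\etc\hosts;
# reading it needs no write access, so a locked file can still be checked.

# Constructed sample: the benign defaults XP ships with, one ad-blocking
# line, and entries shaped like the O1 - Hosts lines quoted in the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net          # ad blocking, benign
82.98.231.89    browser-security.microsoft.com
82.98.231.89    best-click-scanner.info
82.98.231.89    antivirus-xp-pro-2009.com
82.98.231.89    microsoft.infosecuritycenter.com
82.98.231.89    microsoft.softwaresecurityhelp.com
82.98.231.89    onlinenotifyq.net
82.98.231.89    antivirusxp-pro-2009.com
82.98.231.89    microsoft.browser-security-center.com
"""

# Assumed watch lists, not an exhaustive set: real vendor domains whose
# override (even to loopback) blocks updates, and labels used by look-alikes.
VENDOR_DOMAINS = ("microsoft.com", "windowsupdate.com", "symantec.com")
VENDOR_LABELS = ("microsoft", "windowsupdate", "symantec", "norton")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, one per hostname; comments and blanks skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = re.split(r"\s+", line)
        for name in names:
            yield ip, name.lower()


def is_local_target(ip):
    """Loopback or unspecified targets are the normal case (blocking a name)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: do not treat as harmless
    return addr.is_loopback or addr.is_unspecified


def classify(ip, name):
    """Return the reasons a single entry is suspicious (empty list if benign)."""
    reasons = []
    if not is_local_target(ip):
        reasons.append("remote target")
    if name.endswith(VENDOR_DOMAINS):
        reasons.append("vendor domain overridden")
    elif any(label in name.split(".") for label in VENDOR_LABELS):
        reasons.append("vendor look-alike name")
    return reasons


def find_hosts_hijacks(text, min_cluster=3):
    """Return sorted (ip, hostname, reason) triples for suspicious entries.

    Besides classify(), an entry is marked when it belongs to a cluster of
    min_cluster or more names that all point at the same remote address:
    one IP collecting many sites is the redirect pattern in the log above.
    """
    entries = list(parse_hosts(text))
    per_ip = defaultdict(list)
    for ip, name in entries:
        per_ip[ip].append(name)
    findings = []
    for ip, name in entries:
        reasons = classify(ip, name)
        if not is_local_target(ip) and len(per_ip[ip]) >= min_cluster:
            reasons.append(f"{len(per_ip[ip])} names share this target")
        if reasons:
            findings.append((ip, name, "; ".join(reasons)))
    return sorted(findings)


def to_hijackthis_lines(findings):
    """Render findings in the O1 - Hosts: form HijackThis uses in the thread."""
    return [f"O1 - Hosts: {ip} {name}" for ip, name, _ in findings]


if __name__ == "__main__":
    for ip, name, reason in find_hosts_hijacks(SAMPLE_HOSTS):
        print(f"{ip:<14} {name:<40} {reason}")
```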

#5 AshleyO

  • Topic Starter
  • Members
  • 32 posts

Posted 24 April 2009 - 06:43 PM

Hi Tea,

So I downloaded HostsXpert and enabled "host writeable?" (it was highlighted in red), clicked on "Back up Hosts files" but it did not do anything, and when I clicked on "Restore MS Hosts File" I got an error.

ERROR: Cannot create C:\WINDOWS\system32\DRIVERS\ETC\hosts

What am I doing wrong?

Ashley

#6 teacup61 (Bleepin' Texan!)

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 April 2009 - 07:03 PM

Don't worry about it right now and just do the rest. You probably didn't do anything wrong, and it's the malware being obnoxious. :thumbup2:

#7 AshleyO

  • Topic Starter
  • Members
  • 32 posts

Posted 24 April 2009 - 08:30 PM

It is definitely obnoxious. I was able to complete the rest of the tasks without a problem. Scanned with HijackThis! and deleted all the items you asked, then rebooted. Ran Malwarebytes' Anti-Malware. No infections found. Here are the logs:

Malwarebytes' Anti-Malware 1.36
Database version: 2037
Windows 5.1.2600 Service Pack 3

4/24/2009 6:17:22 PM
mbam-log-2009-04-24 (18-17-22).txt

Scan type: Quick Scan
Objects scanned: 100736
Time elapsed: 44 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:00 PM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\AOL\1139197320\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1139197320\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\AOL\1139197320\EE\aolsoftware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Ashley E. Oettinger\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139197320\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Filter hijack: text/html - {115cddb7-a95c-487e-81f4-b579e0a5c08a} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL , ,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 17161 bytes

#8 teacup61 (Bleepin' Texan!)

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 April 2009 - 08:53 PM

Hi there,

Well those logs look better, but how is it running? :thumbup2:

#9 AshleyO

  • Topic Starter
  • Members
  • 32 posts

Posted 24 April 2009 - 11:36 PM

About the same. I was able to launch Explorer from the task bar, but it opens quite slowly. Then I launched Outlook and it froze...tried to get to Task Manager and all I could see was the desktop and it just froze (Task Manager did not pop up) and would not do anything. I had to use the power button to shut it down and reboot. I can still hear it processing something even when I have nothing open. Currently I have one Internet Explorer window open. Task Manager says I have 82 processes running. Is that a lot?

One thing I forgot to mention earlier: I've noticed it boots slower than usual as well over the last couple of weeks (ever since this started), right after I enter my password and it loads all my settings.

By the way, I did try to go back and try and run HostsXpert and got the same error.

Ashley

#10 AshleyO

  • Topic Starter
  • Members
  • 32 posts

Posted 25 April 2009 - 01:30 AM

So I just got another error which I have not seen since I was first infected.

“Your system is low on virtual memory”

I never saw this before I was infected. Also, in the Task Manager one of the listings for iexplore.exe has 375,280k under the Mem Usage column. Commit charge is 2368/2736....earlier it was 8??/2736.

Well, Explorer just crashed in the other browser window I had open and had to close.

Hopefully this info means something to you...........

#11 AshleyO

  • Topic Starter
  • Members
  • 32 posts

Posted 28 April 2009 - 01:54 PM

Hi Tea,

Did I lose you?????? :thumbup2: Trying to be patient as I know you are helping lots of other people in the same boat. Not sure how to proceed and my system is getting worse. Last weekend it crashed a lot and programs are taking a minute or more to open/load.

I noticed in looking at my HijackThis log that the following line, which you asked me to delete, is still there:

O18 - Filter hijack: text/html - {115cddb7-a95c-487e-81f4-b579e0a5c08a} - (no file)

I tried deleting it again to no avail. I booted in safe mode, ran HijackThis and deleted it, but it is still there.

I also ran DrWeb-CureIt in safe mode (I followed the directions from this site) which found 17 items.

Just as I am typing this I received the “Your system is low on virtual memory” error again....I only have one other window open. Very annoying.

Please advise. Thanks in advance.

Ashley

#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:02 AM

Posted 29 April 2009 - 12:05 PM

Hello,

Please read my signature.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that!

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to AshleyO.exe and try it again. :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#13 AshleyO

AshleyO
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:02 AM

Posted 29 April 2009 - 01:16 PM

Hi Tea,

Thanks for your reply. Sorry you are not feeling well. I hope you feel better and the storms pass soon. I will try to be more patient.

I am going to do this now. Will post back shortly with results as requested.

BTW, I forgot to add I tried to run a Kaspersky scan this past weekend and it did a number on my taskbar notification area. Icons are missing which when I try to go and fix in the customize area in task bar properties, the program is associated with the wrong icon and some are gone. Also, the Norton Protection Center icon (the one that usually has the check mark in it) will not appear upon startup anymore. I physically have to launch the program.

One more thing...Dr. Web-CureIt found 6 more items yesterday but it would not fix them. Once the scan was completed I selected all and moved incurable and it appeared to work, but when I was exiting the program it said they were not fixed. I have the logs if you need me to post them.

Off to go run ComboFix, back shortly.

Ashley

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:02 AM

Posted 29 April 2009 - 01:41 PM

Thanks Ashley. :)

Yes, please post the Dr. Web report. :thumbup2:

tea

#15 AshleyO

AshleyO
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:02 AM

Posted 29 April 2009 - 02:45 PM

Hi Tea,

Ok, the first time I ran Combofix the log came up empty but I did see it delete something....not sure what that means. I ran Combofix again and this time the log came up. Below is the combofix log and the Dr. Web logs.

ComboFix 09-04-29.01 - Ashley E. Oettinger 04/29/2009 12:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.524 [GMT -7:00]
Running from: c:\documents and settings\Ashley E. Oettinger\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 22:28 . 2009-04-28 22:39 -------- d-----w c:\documents and settings\Ashley E. Oettinger\.SunDownloadManager
2009-04-27 07:41 . 2009-04-27 07:40 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-27 02:31 . 2009-04-27 02:44 -------- d-----w c:\documents and settings\Ashley E. Oettinger\DoctorWeb
2009-04-25 00:31 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-25 00:31 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 00:31 . 2009-04-25 00:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 23:33 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 06:30 . 2009-04-27 17:43 -------- d-----w c:\program files\Panda Security
2009-04-11 01:09 . 2009-04-11 01:09 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-11 01:07 . 2009-04-23 19:01 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-11 01:07 . 2009-04-11 01:07 -------- d-----w c:\documents and settings\Ashley E. Oettinger\Application Data\SUPERAntiSpyware.com
2009-04-11 01:06 . 2009-04-11 01:06 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-10 22:08 . 2008-04-14 00:12 116224 ----a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-10 22:08 . 2001-08-18 05:36 23040 ----a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-10 22:08 . 2008-04-14 00:12 18944 ----a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-04-10 22:08 . 2001-08-18 05:37 27648 ----a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-04-10 22:07 . 2001-08-18 05:37 4608 ----a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-04-10 22:07 . 2001-08-18 05:37 99865 ----a-w c:\windows\system32\dllcache\xlog.exe
2009-04-10 22:07 . 2001-08-17 19:11 16970 ----a-w c:\windows\system32\dllcache\xem336n5.sys
2009-04-10 22:07 . 2004-08-04 05:29 19455 ----a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-04-10 22:07 . 2008-04-13 18:46 19200 ----a-w c:\windows\system32\dllcache\wstcodec.sys
2009-04-10 22:07 . 2004-08-04 05:29 12063 ----a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-04-10 22:07 . 2008-04-14 00:12 8192 ----a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-10 22:05 . 2004-08-04 11:00 9216 ----a-w c:\windows\system32\dllcache\wamps51.dll
2009-04-10 22:04 . 2001-08-17 20:28 113762 ----a-w c:\windows\system32\dllcache\usrpda.sys
2009-04-10 22:03 . 2001-08-18 05:36 50176 ----a-w c:\windows\system32\dllcache\umaxp60.dll
2009-04-10 22:02 . 2001-08-17 21:02 230912 ----a-w c:\windows\system32\dllcache\tosdvd03.sys
2009-04-10 22:01 . 2001-08-18 05:36 94293 ----a-w c:\windows\system32\dllcache\sxports.dll
2009-04-10 22:00 . 2001-08-18 05:36 24660 ----a-w c:\windows\system32\dllcache\spxupchk.dll
2009-04-10 21:59 . 2001-08-17 19:12 24576 ----a-w c:\windows\system32\dllcache\smc8000n.sys
2009-04-10 21:58 . 2001-08-17 21:56 252032 ----a-w c:\windows\system32\dllcache\sis300iv.dll
2009-04-10 21:58 . 2001-08-17 19:50 101760 ----a-w c:\windows\system32\dllcache\sis300ip.sys
2009-04-10 21:58 . 2004-08-04 11:00 18944 ----a-w c:\windows\system32\dllcache\simptcp.dll
2009-04-10 21:58 . 2001-07-21 21:29 161568 ----a-w c:\windows\system32\dllcache\sgsmusb.sys
2009-04-10 21:58 . 2001-07-21 21:29 18400 ----a-w c:\windows\system32\dllcache\sgsmld.sys
2009-04-10 21:58 . 2001-08-17 19:51 98080 ----a-w c:\windows\system32\dllcache\sgiulnt5.sys
2009-04-10 21:58 . 2001-08-18 05:36 386560 ----a-w c:\windows\system32\dllcache\sgiul50.dll
2009-04-10 21:58 . 2001-08-17 19:19 36480 ----a-w c:\windows\system32\dllcache\sfmanm.sys
2009-04-10 21:58 . 2001-08-17 20:53 6784 ----a-w c:\windows\system32\dllcache\serscan.sys
2009-04-10 21:58 . 2001-08-17 20:48 17664 ----a-w c:\windows\system32\dllcache\sermouse.sys
2009-04-10 21:58 . 2001-08-18 05:36 26112 ----a-w c:\windows\system32\dllcache\EXCH_seos.dll
2009-04-10 21:56 . 2001-08-18 05:36 62496 ----a-w c:\windows\system32\dllcache\s3mtrio.dll
2009-04-10 21:55 . 2001-08-18 05:36 23040 ----a-w c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-04-10 21:54 . 2001-08-18 05:36 35328 ----a-w c:\windows\system32\dllcache\psisload.dll
2009-04-10 21:53 . 2004-08-04 11:00 20992 ----a-w c:\windows\system32\dllcache\permchk.dll
2009-04-10 21:52 . 2001-08-17 21:05 31872 ----a-w c:\windows\system32\dllcache\ovce.sys
2009-04-10 21:52 . 2001-08-17 21:05 28032 ----a-w c:\windows\system32\dllcache\ovcd.sys
2009-04-10 21:52 . 2001-08-17 21:05 48000 ----a-w c:\windows\system32\dllcache\ovcam2.sys
2009-04-10 21:52 . 2001-08-17 21:05 25088 ----a-w c:\windows\system32\dllcache\ovca.sys
2009-04-10 21:52 . 2001-08-17 20:28 54186 ----a-w c:\windows\system32\dllcache\otcsercb.sys
2009-04-10 21:52 . 2001-08-17 19:12 43689 ----a-w c:\windows\system32\dllcache\otceth5.sys
2009-04-10 21:52 . 2001-08-17 19:12 27209 ----a-w c:\windows\system32\dllcache\otc06x5.sys
2009-04-10 21:52 . 2001-08-17 19:20 54528 ----a-w c:\windows\system32\dllcache\opl3sax.sys
2009-04-10 21:52 . 2008-04-13 18:46 61696 ----a-w c:\windows\system32\dllcache\ohci1394.sys
2009-04-10 21:52 . 2001-08-17 19:50 198144 ----a-w c:\windows\system32\dllcache\nv3.sys
2009-04-10 21:52 . 2001-08-18 05:36 123776 ----a-w c:\windows\system32\dllcache\nv3.dll
2009-04-10 21:51 . 2001-08-17 19:49 51552 ----a-w c:\windows\system32\dllcache\ntgrip.sys
2009-04-10 21:51 . 2001-08-18 05:36 38912 ----a-w c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-04-10 21:51 . 2001-08-17 20:47 9344 ----a-w c:\windows\system32\dllcache\ntapm.sys
2009-04-10 21:51 . 2001-08-17 20:53 7552 ----a-w c:\windows\system32\dllcache\nsmmc.sys
2009-04-10 21:51 . 2008-04-13 18:54 28672 ----a-w c:\windows\system32\dllcache\nscirda.sys
2009-04-10 21:51 . 2001-08-17 19:20 87040 ----a-w c:\windows\system32\dllcache\nm6wdm.sys
2009-04-10 21:51 . 2001-08-17 19:20 126080 ----a-w c:\windows\system32\dllcache\nm5a2wdm.sys
2009-04-10 21:51 . 2001-08-17 19:12 32840 ----a-w c:\windows\system32\dllcache\ngrpci.sys
2009-04-10 21:51 . 2004-08-04 11:00 53248 ----a-w c:\windows\system32\dllcache\nextlink.dll
2009-04-10 21:51 . 2004-08-04 05:31 132695 ----a-w c:\windows\system32\dllcache\netwlan5.sys
2009-04-10 21:51 . 2001-08-17 19:11 65278 ----a-w c:\windows\system32\dllcache\netflx3.sys
2009-04-10 21:49 . 2008-04-13 18:39 5504 ----a-w c:\windows\system32\dllcache\mstee.sys
2009-04-10 21:49 . 2008-04-13 18:46 49024 ----a-w c:\windows\system32\dllcache\mstape.sys
2009-04-10 21:49 . 2001-08-17 20:48 12416 ----a-w c:\windows\system32\dllcache\msriffwv.sys
2009-04-10 21:49 . 2001-08-17 21:00 2944 ----a-w c:\windows\system32\dllcache\msmpu401.sys
2009-04-10 21:49 . 2008-04-13 18:54 22016 ----a-w c:\windows\system32\dllcache\msircomm.sys
2009-04-10 21:49 . 2004-08-04 11:00 98304 ----a-w c:\windows\system32\dllcache\msir3jp.dll
2009-04-10 21:49 . 2001-08-17 21:02 35200 ----a-w c:\windows\system32\dllcache\msgame.sys
2009-04-10 21:49 . 2001-08-17 20:48 6016 ----a-w c:\windows\system32\dllcache\msfsio.sys
2009-04-10 21:49 . 2008-04-13 18:46 51200 ----a-w c:\windows\system32\dllcache\msdv.sys
2009-04-10 21:49 . 2008-04-13 18:46 15232 ----a-w c:\windows\system32\dllcache\mpe.sys
2009-04-10 21:47 . 2001-08-18 05:36 58368 ----a-w c:\windows\system32\dllcache\m3091dc.dll
2009-04-10 21:46 . 2004-08-04 11:00 7680 ----a-w c:\windows\system32\dllcache\kbdnecnt.dll
2009-04-10 21:45 . 2008-04-14 00:12 151552 ----a-w c:\windows\system32\dllcache\irftp.exe
2009-04-10 21:44 . 2001-08-18 05:36 61952 ----a-w c:\windows\system32\dllcache\icam4ext.dll
2009-04-10 21:43 . 2001-08-17 20:28 73279 ----a-w c:\windows\system32\dllcache\hsf_spkp.sys
2009-04-10 21:42 . 2001-08-18 05:36 123392 ----a-w c:\windows\system32\dllcache\hpgt21tk.dll
2009-04-10 21:41 . 2001-08-18 05:36 92160 ----a-w c:\windows\system32\dllcache\fuusd.dll
2009-04-10 21:40 . 2004-08-04 11:00 25856 ----a-w c:\windows\system32\dllcache\et4000.sys
2009-04-10 21:39 . 2001-08-17 19:12 18503 ----a-w c:\windows\system32\dllcache\epro4.sys
2009-04-10 21:38 . 2001-08-17 19:11 26698 ----a-w c:\windows\system32\dllcache\dlh5xnd5.sys
2009-04-10 21:37 . 2001-08-18 05:36 28672 ----a-w c:\windows\system32\dllcache\cyycoins.dll
2009-04-10 21:36 . 2001-08-18 05:36 236032 ----a-w c:\windows\system32\dllcache\camext20.dll
2009-04-10 21:35 . 2001-08-17 19:49 23552 ----a-w c:\windows\system32\dllcache\atixbar.sys
2009-04-10 21:34 . 2004-08-04 11:00 7168 ----a-w c:\windows\system32\dllcache\wamregps.dll
2009-04-10 21:34 . 2001-08-17 21:56 66048 ----a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-10 21:34 . 2004-08-04 11:00 19968 ----a-w c:\windows\system32\dllcache\inetsloc.dll
2009-04-10 21:34 . 2004-08-04 11:00 7680 ----a-w c:\windows\system32\dllcache\inetmgr.exe
2009-04-10 21:34 . 2004-08-04 11:00 169984 ----a-w c:\windows\system32\dllcache\iisui.dll
2009-04-10 21:34 . 2004-08-04 11:00 5632 ----a-w c:\windows\system32\dllcache\iisrstap.dll
2009-04-10 21:34 . 2004-08-04 11:00 14336 ----a-w c:\windows\system32\dllcache\iisreset.exe
2009-04-10 21:34 . 2004-08-04 11:00 6144 ----a-w c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-09 08:09 . 2009-04-11 21:33 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-09 07:47 . 2009-04-09 09:17 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-09 07:18 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-09 05:20 . 2009-04-23 05:22 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-09 05:01 . 2009-04-09 07:25 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-09 05:01 . 2009-04-09 05:01 -------- d-----w c:\program files\Lavasoft
2009-04-09 05:01 . 2009-04-09 05:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-09 02:08 . 2009-04-11 09:22 -------- d-----w c:\program files\a-squared Free
2009-04-08 07:50 . 2009-04-08 07:50 -------- d-----w c:\documents and settings\Ashley E. Oettinger\Application Data\Malwarebytes
2009-04-08 07:48 . 2009-04-08 07:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 00:17 . 2009-04-08 00:34 -------- d-----w C:\af3a766660b43e9ae8698a0306709dcd
2009-04-06 02:45 . 2009-03-11 05:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-06 02:45 . 2009-04-08 00:36 -------- d-----w c:\windows\system32\KB905474
2009-04-04 01:48 . 2009-04-04 01:48 -------- d-sh--w c:\documents and settings\Ashley E. Oettinger\PrivacIE
2009-04-04 01:44 . 2009-04-04 01:44 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-04 01:43 . 2009-04-04 01:43 -------- d-sh--w c:\documents and settings\Ashley E. Oettinger\IETldCache
2009-04-04 01:25 . 2009-02-20 08:10 81920 ----a-w c:\windows\system32\dllcache\ieencode.dll
2009-04-04 01:25 . 2009-02-20 08:10 81920 ----a-w c:\windows\system32\ieencode.dll
2009-04-04 01:20 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 19:18 . 2006-02-04 04:07 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-29 08:40 . 2006-02-04 04:05 -------- d-----w c:\program files\Google
2009-04-28 22:25 . 2006-02-04 03:51 -------- d-----w c:\program files\Java
2009-04-27 19:29 . 2006-02-06 06:11 -------- d-----w c:\program files\Norton SystemWorks
2009-04-27 08:12 . 2006-02-06 03:43 -------- d-----w c:\program files\Viewpoint
2009-03-11 05:18 . 2009-03-11 05:18 239496 ------w c:\windows\system32\SET19A.tmp
2009-03-06 14:22 . 2004-08-11 23:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-11 23:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-19 20:03 . 2009-02-19 20:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 20:03 . 2009-02-19 20:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2009-02-19 19:31 . 2009-02-19 19:31 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
2009-02-19 19:31 . 2009-02-19 19:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 19:31 . 2009-02-19 19:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 19:31 . 2009-02-19 19:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 19:31 . 2009-02-19 19:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
2009-02-19 19:31 . 2009-02-19 19:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 19:31 . 2009-02-19 19:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 19:31 . 2009-02-19 19:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2009-02-09 12:10 . 2004-08-11 23:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 23:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 23:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 23:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-08-11 23:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 2004-08-04 04:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 23:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-11 23:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 23:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-11 23:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-2-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139197320\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139197320\\EE\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Apoint\\ApntEx.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-31 23888]
R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2005-02-02 9344]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-11 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-11 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-06 3744]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-23 953168]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-06 3904]
S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [2005-11-04 95832]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 05:22]

2009-04-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

2009-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-04-28 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Ashley E. Oettinger.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2009-04-27 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 12:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1588)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(4200)
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-29 12:23
ComboFix-quarantined-files.txt 2009-04-29 19:22
ComboFix2.txt 2009-04-29 18:50

Pre-Run: 61,951,672,320 bytes free
Post-Run: 62,006,206,464 bytes free

287 --- E O F --- 2009-04-28 22:43


Dr. Web 4-26-09

aspup.exe\data007;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP138.tmp\aspup.exe;Probably BACKDOOR.Trojan;;
aspup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP138.tmp;Archive contains infected objects;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP2B.tmp\aspapp;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP41.tmp\aspapp;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP6D.tmp\aspapp;Probably BACKDOOR.Trojan;Incurable.Moved.;
asprtpup.exe\data007;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASPCE.tmp\asprtpup.exe;Probably BACKDOOR.Trojan;;
asprtpup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASPCE.tmp;Archive contains infected objects;Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\coach;Archive contains infected objects;Moved.;
RegUBP2b-Ashley E. Oettinger.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;Incurable.Moved.;
aspupdate\data017;C:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate;Probably BACKDOOR.Trojan;;
aspupdate;C:\Program Files\Common Files\AOL\AOL Spyware Protection\Update;Archive contains infected objects;Moved.;
acssetup.exe\data010;C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe;Probably BACKDOOR.Trojan;;
acssetup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Rollback;Archive contains infected objects;Moved.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Moved.;
A0174013.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1300;BackDoor.Tdss.based;Incurable.Moved.;
A0183452.exe\data007;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315\A0183452.exe;Probably BACKDOOR.Trojan;;
A0183452.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Archive contains infected objects;Moved.;
A0183453.exe\data007;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315\A0183453.exe;Probably BACKDOOR.Trojan;;
A0183453.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Archive contains infected objects;Moved.;
A0183454.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315\A0183454.exe;Adware.Gdown;;
A0183454.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Archive contains infected objects;Moved.;
A0183455.reg;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Trojan.StartPage.1505;Deleted.;
A0183456.exe\data010;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315\A0183456.exe;Probably BACKDOOR.Trojan;;
A0183456.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Archive contains infected objects;Moved.;


Dr. Web 4-28-09

A0183457.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Probably BACKDOOR.Trojan;;
A0183458.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Probably BACKDOOR.Trojan;;
A0183459.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Probably BACKDOOR.Trojan;;
A0183460.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Probably BACKDOOR.Trojan;;
A0183461.ocx;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1315;Adware.Gdown;;
A0183486.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1316;BackDoor.Tdss.based;;
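The two Dr. Web CureIt reports above are semicolon-separated records, and the distinction that matters for triage is the last field: an entry whose action is blank was detected but never moved or deleted (which is what the 4-28-09 report shows for every line), whereas an archive member such as `aspup.exe\data007` is blank only because the enclosing archive was moved as a whole. The script below is an added example, not part of the original post or of Dr. Web; it parses lines in this format into records, flags entries that were left in place, and separates restore-point copies (under `System Volume Information`) from live files. The field order `object;directory;detection;action` is inferred from the posted lines and is an assumption; the sample lines are constructed from a few entries in that format.

```python
"""Triage a Dr.Web CureIt report (one object per line, fields separated by ';').

Added example, not Dr.Web's own code. Field order object;directory;detection;action
is inferred from the posted report and is an assumption.
"""
from collections import Counter

# Constructed sample in the same format as the posted report.
SAMPLE_REPORT = r"""
aspup.exe\data007;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP138.tmp\aspup.exe;Probably BACKDOOR.Trojan;;
aspup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP138.tmp;Archive contains infected objects;Moved.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Moved.;
A0174013.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1300;BackDoor.Tdss.based;Incurable.Moved.;
A0183486.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1316;BackDoor.Tdss.based;;
"""

RESTORE_PREFIX = "c:\\system volume information\\"


def parse_report(text):
    """Turn report lines into dicts; skips blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            continue  # not a result line
        obj, directory, detection, action = parts[:4]
        # An object inside an archive is written "archive\member"; the directory
        # field then already ends with the archive file name.
        inside_archive = "\\" in obj
        member = obj.split("\\", 1)[1] if inside_archive else obj
        records.append({
            "object": obj,
            "path": directory + "\\" + member,
            "detection": detection,
            "action": action,
            "inside_archive": inside_archive,
            "in_restore_point": directory.lower().startswith(RESTORE_PREFIX),
        })
    return records


def unactioned(records):
    """Entries reported but neither moved nor deleted.

    Archive members inherit the action applied to the archive, so only
    top-level objects with an empty action field count as still present."""
    return [r for r in records if r["action"] == "" and not r["inside_archive"]]


def live_detections(records):
    """Detections outside System Restore snapshots, i.e. on the active system."""
    return [r for r in records if not r["in_restore_point"]]


def summarize(records):
    """Count of entries per detection name."""
    return Counter(r["detection"] for r in records)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for name, n in summarize(recs).most_common():
        print(f"{n:3d}  {name}")
    print("\nStill on disk (no action taken):")
    for r in unactioned(recs):
        print("  ", r["path"], "->", r["detection"])
    print("\nOutside restore points:")
    for r in live_detections(recs):
        print("  ", r["path"], "->", r["action"] or "(none)")
```

Run it against a saved CureIt report by replacing `SAMPLE_REPORT` with the file contents; anything listed under "Still on disk" is what the scanner left behind, and restore-point hits will disappear on their own once System Restore is cleared, so they should not be mistaken for an active infection.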



