Can't Load Web Sites in Firefox or Internet Explorer
leonfelpz6, Member (Posts: 13, OS: XP)
post Jun 19 2008, 07:29 PM, Post #1

Hello all. I want to thank any and all of you for helping me out. I greatly appreciate your advice... now on to my problem...

I have tried to load different web sites using Firefox and IE but to no avail... any particular reason why? I looked on another forum and someone suggested I test to see if I had a few working .dll files... the one that I tested and that didn't work was "regsvr32 Mshtml.dll"... so I downloaded it again and it worked fine last night... then I go to access the same sites and, go figure, I'm back to square 1....

So any help or suggestions? Or any other information I can provide? MANY THANKS!!





Logfile of HijackThis v1.99.1
Scan saved at 7:59:00 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Leon\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {5BC6834F-4888-515B-8D89-10541C09B19D} - C:\Program Files\Outerinfo\OinBHO.dll (file missing)
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BC6834F-4888-515B-8D89-10541C09B19D} - C:\Program Files\Outerinfo\OinBHO.dll (file missing)
O2 - BHO: (no name) - {6C630E6C-DC71-4DF7-8A0F-0CE5B4E0B6A4} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: {610dd766-c875-24cb-3864-05e218f6177d} - {d7716f81-2e50-4683-bc42-578c667dd016} - C:\WINDOWS\system32\drphdgnj.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [{66-66-61-1A-ZN}] C:\DOCUME~1\Leon\LOCALS~1\Temp\stdrun2.exe CHD001
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM0b255529] Rundll32.exe "C:\WINDOWS\system32\titvdxvt.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/172c772e55c835...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1189821869276
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195270563765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: vupdnwed - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

Don't know if that tells you anything, but hopefully it does.

I greatly appreciate all of your help.
leonfelpz6, Member (Posts: 13, OS: XP)
post Jun 20 2008, 08:53 AM, Post #2

20 views and no suggestions? I'm dying here, people.
Blender, Malware Expert (Posts: 185, OS: XP)
post Jun 22 2008, 07:55 PM, Post #3

Hi and welcome.

Sorry for the delay, but we do have a lot of people needing help.
A lot of views are likely from other victims like yourself looking for answers.

We'll need to run a couple of tools to help clean up the junk dropped on your system.

Let's start with this one:

Download SDFix and save it to your Desktop.

In the event you already have SDFix, please delete it as this is a new version I need you to download.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. (Report.txt will also be copied to the Clipboard, ready for posting back on the forum.)
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


Let me know how the machine is running.
There will be more work to do so please don't run away yet.

Can you tell me also if you uninstalled Norton? All products?

Thanks

leonfelpz6, Member (Posts: 13, OS: XP)
post Jun 22 2008, 08:58 PM, Post #4

SDFix: Version 1.195
Run by Leon on Sun 06/22/2008 at 10:11 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Leon\Desktop\Casey\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Leon\Favorites\Online Security Guide.lnk - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\bkR11\ftCa.log - Deleted
C:\WINDOWS\system32\daSgo01\daSgo011065.exe - Deleted
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe - Deleted
C:\WINDOWS\system32\netrax01\netrax011065.exe - Deleted
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\pac.txt - Deleted



Folder C:\Program Files\WinAble - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\bkR11 - Removed
Folder C:\Temp\fse - Removed
Folder C:\WINDOWS\system32\daSgo01 - Removed
Folder C:\WINDOWS\system32\f02WtR - Removed
Folder C:\WINDOWS\system32\netrax01 - Removed
Folder C:\WINDOWS\system32\X1 - Removed
Folder C:\WINDOWS\system32\xcsDd01 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 22:35:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\idkbjakk.exe"="C:\\WINDOWS\\system32\\idk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\Leon\Desktop\Casey\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 4 Nov 2007 383,532 A.SH. --- "C:\WINDOWS\SYSTEM32\dfhkj.tmp"
Sun 4 Nov 2007 378,724 A.SH. --- "C:\WINDOWS\SYSTEM32\dfhkj.bak2"
Sat 17 Nov 2007 436,710 ..SH. --- "C:\WINDOWS\SYSTEM32\ppppo.tmp"
Sat 17 Nov 2007 434,343 A.SH. --- "C:\WINDOWS\SYSTEM32\ppppo.bak2"
Sat 17 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\SYSTEM32\zjapunzp.dllbox"
Thu 23 Feb 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 2 Sep 2004 270 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti5E3.tmp"
Tue 3 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 27 May 2008 6,648 ...H. --- "C:\Documents and Settings\TEMP\Local Settings\Temp\Z@R15.tmp"
Tue 27 May 2008 5,324 ...H. --- "C:\Documents and Settings\TEMP\Local Settings\Temp\Z@R17.tmp"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP208\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP208\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP209\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP209\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP210\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP210\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP212\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP212\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP213\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP213\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP214\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP214\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP215\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP215\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP216\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP216\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Wed 9 Apr 2008 3,407,872 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP217\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Fri 29 Dec 2006 262,144 A..H. --- "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP217\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3492734962-61800610-4223009023-501.bak"
Thu 30 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\Leon\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 30 Jun 2005 19,968 ...H. --- "C:\Documents and Settings\Leon\Application Data\Microsoft\Word\~WRL0005.tmp"
Thu 30 Jun 2005 19,968 ...H. --- "C:\Documents and Settings\Leon\Application Data\Microsoft\Word\~WRL1528.tmp"

Finished!

leonfelpz6, Member (Posts: 13, OS: XP)
post Jun 22 2008, 09:00 PM, Post #5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:25 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {5BC6834F-4888-515B-8D89-10541C09B19D} - C:\Program Files\Outerinfo\OinBHO.dll (file missing)
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BC6834F-4888-515B-8D89-10541C09B19D} - C:\Program Files\Outerinfo\OinBHO.dll (file missing)
O2 - BHO: (no name) - {6C630E6C-DC71-4DF7-8A0F-0CE5B4E0B6A4} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: {610dd766-c875-24cb-3864-05e218f6177d} - {d7716f81-2e50-4683-bc42-578c667dd016} - C:\WINDOWS\system32\drphdgnj.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [{66-66-61-1A-ZN}] C:\DOCUME~1\Leon\LOCALS~1\Temp\stdrun2.exe CHD001
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM0b255529] Rundll32.exe "C:\WINDOWS\system32\titvdxvt.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LDM] \Program\BackWeb-8876480.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/172c772e55c835...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1189821869276
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195270563765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vupdnwed - C:\WINDOWS\
O22 - SharedTaskScheduler: {210b4043-35ca-4aa0-8796-191f9663dfb3} - altmannsberger - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

--
End of file - 7996 bytes
Blender, Malware Expert (Posts: 185, OS: XP)
post Jun 22 2008, 09:36 PM, Post #6

Hi,

Thanks for the logs.

So that your Spybot does not interfere with fixes, please undo its "Immunize" and then uninstall it.
We can re-install Spybot when done.
Once uninstalled, please do the following:

Print out or save the instructions to Notepad.
You need to do some fixes in safe mode, and this page will not be viewable then.
If you need instructions from other sites I refer to, please print or save them before proceeding.

Copy the following text inside the code box to a new Notepad file.
Save it with the file name fix.reg
As file type: All files
Save it to the desktop. Do nothing with it yet.

CODE
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\idkbjakk.exe"=-


Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache
    Recycle bin
  • Click the Empty Selected button.

    If you use the Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use the Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.



Reboot system to SAFE mode.
Log into your usual account.

Start Hijackthis (the new one you just installed)
Run system scan only and check the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {5BC6834F-4888-515B-8D89-10541C09B19D} - C:\Program Files\Outerinfo\OinBHO.dll (file missing)
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - (no file)
O2 - BHO: (no name) - {5BC6834F-4888-515B-8D89-10541C09B19D} - C:\Program Files\Outerinfo\OinBHO.dll (file missing)
O2 - BHO: (no name) - {6C630E6C-DC71-4DF7-8A0F-0CE5B4E0B6A4} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: {610dd766-c875-24cb-3864-05e218f6177d} - {d7716f81-2e50-4683-bc42-578c667dd016} - C:\WINDOWS\system32\drphdgnj.dll
O4 - HKLM\..\Run: [{66-66-61-1A-ZN}] C:\DOCUME~1\Leon\LOCALS~1\Temp\stdrun2.exe CHD001
O4 - HKLM\..\Run: [BM0b255529] Rundll32.exe "C:\WINDOWS\system32\titvdxvt.dll",s
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [LDM] \Program\BackWeb-8876480.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/172c772e55c835...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} -
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: vupdnwed - C:\WINDOWS\
O22 - SharedTaskScheduler: {210b4043-35ca-4aa0-8796-191f9663dfb3} - altmannsberger - (no file)


Hit "fix checked" then OK.
Exit HijackThis.

Locate fix.reg and right-click it.
Choose "merge" and OK.
You should get a success message.

Enable your system to show hidden files:
How to, if needed:

http://www.bleepingcomputer.com/tutorials/tutorial62.html
Don't forget to hide files/folders again when we are finished cleaning.

Locate and delete the following if found:

C:\Program Files\Outerinfo <-- folder
C:\WINDOWS\system32\titvdxvt.dll <-- file
C:\WINDOWS\SYSTEM32\zjapunzp.dllbox <-- file
C:\WINDOWS\SYSTEM32\ppppo.bak2 <-- file
C:\WINDOWS\SYSTEM32\ppppo.tmp <-- file
C:\WINDOWS\SYSTEM32\dfhkj.bak2 <-- file
C:\WINDOWS\SYSTEM32\dfhkj.tmp <-- file
c:\windows\system32\ldcore.dll <-- file

Empty out recycle bin.

Reboot back to normal mode and post a fresh HJT log here please.
Let me know how system is running.
We will likely have more work to do.

-------------------------

Also, if these are your threads in other forums, you may want to let them know you are getting help here so they can close the threads:

http://forums.techguy.org/web-email/721958...s-some-web.html

http://www.neowin.net/forum/index.php?show...#entry589499569

Don't try fixing the O10s like the last link at neowin says or you will trash your internet.
Those belong to your antivirus.


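As an added illustration (not part of this thread, and not HijackThis's own logic), the following Python script applies the same kind of reading Blender did above to a handful of log lines copied from this thread: it flags O15 Trusted Zone entries, an AppInit_DLLs value, a Winlogon Notify entry with no DLL name, a BHO whose display name is just a GUID, and O4 autostarts that run from a Temp directory or through rundll32. The sample log is constructed from lines on this page, and the heuristics are the editor's own.

```python
import re

# Constructed sample: entries copied from the HijackThis logs in this thread,
# plus two benign O4 entries from the later log for contrast.
SAMPLE_LOG = r"""
O2 - BHO: {610dd766-c875-24cb-3864-05e218f6177d} - {d7716f81-2e50-4683-bc42-578c667dd016} - C:\WINDOWS\system32\drphdgnj.dll
O4 - HKLM\..\Run: [{66-66-61-1A-ZN}] C:\DOCUME~1\Leon\LOCALS~1\Temp\stdrun2.exe CHD001
O4 - HKLM\..\Run: [BM0b255529] Rundll32.exe "C:\WINDOWS\system32\titvdxvt.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: vupdnwed - C:\WINDOWS\
"""

GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
TEMP_DIR = re.compile(r"\\(LOCALS~1\\)?Temp\\", re.I)

def triage_line(line):
    """Return a reason string if an HJT line deserves a closer look, else None."""
    m = re.match(r"(O\d+) - ([^:]+): (.*)", line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if section == "O15":
        # Trusted Zone sites get relaxed IE security; users rarely add entries by hand.
        return "third-party site added to IE Trusted Zone"
    if section == "O20" and kind == "AppInit_DLLs" and rest.strip():
        return "AppInit_DLLs loads this DLL into every user-mode process"
    if section == "O20" and kind == "Winlogon Notify" and rest.rstrip().endswith("\\"):
        return "Winlogon Notify package with no DLL file name"
    if section == "O2" and GUID.match(rest.split(" - ")[0]):
        return "BHO whose display name is just a GUID"
    if section == "O4" and TEMP_DIR.search(rest):
        return "autostart runs an executable from a Temp directory"
    if section == "O4" and re.search(r"rundll32(\.exe)?\s", rest, re.I) and ".dll" in rest.lower():
        return "rundll32 autostart loading a DLL (verify the DLL's origin)"
    return None

def triage_log(text):
    """Return (line, reason) pairs for every line that triage_line flags."""
    return [(l.strip(), r) for l in text.splitlines() if (r := triage_line(l))]

if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}: {line}")
```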
leonfelpz6
post Jun 23 2008, 07:58 PM
Post #7


Member
Posts: 13
OS: XP



When I went to HJT, these were not in the log:

O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)

Also, when I go to 'merge' the .reg, I get an error that says "Cannot import C:\Documents and Settings\Leon\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor." ...don't know what I should do next...
leonfelpz6
post Jun 23 2008, 08:14 PM
Post #8


Member
Posts: 13
OS: XP



Tried it twice...still nothing...this is what I put into the fix.reg...

ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\idkbjakk.exe

...should I proceed with the next steps? For the [bleep] of it I posted my most recent HJT log (in case it helps):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:09 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1189821869276
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195270563765
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

--
End of file - 5367 bytes
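Added example, not from this thread: regedit reports "The specified file is not a registry script" when a .reg file does not begin with the `Windows Registry Editor Version 5.00` (or older `REGEDIT4`) header line, and the fragment posted above has no header, no `[key]` line above its first value, and a value name missing its opening quote. This Python script checks a .reg file for those three problems before it is merged and decodes the `hex(2)` (REG_EXPAND_SZ) data so the `ImagePath` the fix would write can be read in plain text; the sample is constructed from the posted fragment.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")  # REGEDIT4 is the older ANSI form

# Constructed sample modelled on the fragment posted above: no header line, no
# [key] above the first value, and the value name is missing its opening quote.
BROKEN_REG = (
    'ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\\\n'
    '74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\\\n'
    '00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\\\n'
    '6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00\n'
)

def join_continuations(text):
    """Regedit continues a long hex value on the next line after a trailing backslash."""
    return re.sub(r"\\\r?\n\s*", "", text)

def decode_hex2(data):
    """Decode 'hex(2):..' (REG_EXPAND_SZ: UTF-16LE bytes, NUL-terminated) into a string."""
    m = re.fullmatch(r"hex\(2\):([0-9a-fA-F,]*)", data.strip())
    if not m:
        raise ValueError("not a hex(2) value")
    raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
    return raw.decode("utf-16-le").rstrip("\x00")

def check_reg_script(text):
    """Return the problems regedit would reject; an empty list means it should merge."""
    lines = join_continuations(text).splitlines()
    problems = [] if lines and lines[0].strip() in HEADERS else ["first line must be one of: " + " / ".join(HEADERS)]
    key = None
    for n, s in enumerate((l.strip() for l in lines), 1):
        if not s or s in HEADERS or s.startswith(";"):
            continue
        if s.startswith("[") and s.endswith("]"):
            key = s[1:-1]
            continue
        if key is None:
            problems.append(f"line {n}: value with no [key] section above it")
        if not (s.startswith('"') or s.startswith("@")) or "=" not in s:
            problems.append(f"line {n}: expected '\"Name\"=data' or '@=data'")
    return problems

def decoded_values(text):
    """Map each hex(2) value in the script to its decoded string (tolerates a missing quote)."""
    out = {}
    for line in join_continuations(text).splitlines():
        m = re.match(r'"?([^"=]+)"?=(hex\(2\):.*)$', line.strip())
        if m:
            out[m.group(1)] = decode_hex2(m.group(2))
    return out
```

Running `check_reg_script(BROKEN_REG)` lists three problems, and `decoded_values(BROKEN_REG)` shows the value as the default svchost netsvcs command line.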
leonfelpz6
post Jun 25 2008, 07:32 AM
Post #9


Member
Posts: 13
OS: XP



Blender-

I needed to use my computer last night (a semi-important, but not life-or-death, situation), and as it turns out I can access some of the sites I needed to before you instructed me to do what I did... I would assume that my computer still is not 'fixed', so I ask, what should I do from here?

Again, I greatly appreciate your help, and thank you for taking the time to help solve my problem(s).
Blender
post Jun 26 2008, 01:51 AM
Post #10


Malware Expert
Posts: 185
OS: XP



Hi,

Sorry for delay. Had power outage yesterday.

I will attach the registry file you need.
Attached is a file called "fixit.zip".
Please download this file, save it and unzip it.

Once unzipped, right click fixit.reg, then choose "merge".
It should ask if you are sure -- say yes.
Should get success message.

Reboot when done please and post a fresh HijackThis log here along with the following:

If you already have used Kaspersky online scanner, please uninstall it via add/remove programs because this is a new version I need you to download.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Graphics tutorial available here if needed:

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

Let me know how system is acting please.

Thanks

Attached File(s): fixit.zip (442 bytes)
leonfelpz6