
Winspyware Pro 2007 [RESOLVED]


  • This topic is locked This topic is locked

#1
bbhetch
Member, 40 posts
Unfortunately my daughter hit "OK" when Winspyware came up, and now I've been trying to get her computer usable again as I get time to go over there and work on it. I ran the suggested programs, but when I tried to add Norton Antivirus everything ran, but the program wasn't there after rebooting. So I didn't try updating the MS service pack; she is at version 1. There are windows from Winspyware that still keep popping open when I open IE, and after rebooting one of the MS Windows windows opens up. I am attaching the logs from Activescan, SUPERAntiSpyware and HijackThis. I hope someone can help us. She has Windows XP Home Edition. Let me know if you need other info, and I'll try to get it from her.
Thanks for any help,
bbhetch

Activescan:



SUPERAntiSpyware Scan Log
Generated 09/11/2007 at 09:37 PM

Application Version : 3.6.1000

Core Rules Database Version : 3304
Trace Rules Database Version: 1310

Scan type : Complete Scan
Total Scan Time : 00:31:55

Memory items scanned : 608
Memory threats detected : 0
Registry items scanned : 5889
Registry threats detected : 61
File items scanned : 67121
File threats detected : 18



Logfile of HijackThis v1.99.1
Scan saved at 9:40:34 PM, on 9/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


#2
MoNsTeReNeRgY22
Member 2k, 2,539 posts
Hello and Welcome to Geeks to Go. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

First off, it appears that the rest of your HJT log got cut off due to your post being too long. Please make sure next time that it's all there. :wave:

Step 1
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Step 2
Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:
Posted Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/MediaGateway.BFU

Make sure all IE windows are closed.

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.gee...structions.html


Step 3
Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your antivirus delete it. (In this case, it may be better to temporarily disable your antivirus.)


#3
bbhetch (Topic Starter)
Member, 40 posts
Thanks for the help; here is the ComboFix log.

ComboFix 07-09-21.2 - "Jamie" 2007-09-23 14:36:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.58 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b122.exe
C:\WINDOWS\cdgijl.ini
C:\WINDOWS\cookies.ini
C:\WINDOWS\filklm.ini
C:\WINDOWS\ljigdc.dll
C:\WINDOWS\mlklif.dll
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\awtsp.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\EVENh32.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\gebaayx.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\swinnmdt.exe
C:\WINDOWS\system32\tmp19.tmp.dll
C:\WINDOWS\system32\tmp1E.tmp.dll
C:\WINDOWS\system32\tmp20BA.tmp.dll
C:\WINDOWS\system32\tmp21.tmp.dll
C:\WINDOWS\system32\tmp2331.tmp.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\urpnol.dll
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\ApiMon
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-23 14:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 20:39 425,480 --a------ C:\sysipdk.exe
2007-09-11 21:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-11 21:01 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\SUPERAntiSpyware.com
2007-09-11 21:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-25 09:59 <DIR> d-------- C:\VundoFix Backups
2007-08-24 15:12 <DIR> d-------- C:\WINDOWS\mukw
2007-08-24 15:12 <DIR> d-------- C:\Program Files\Common Files\mukw
2007-08-24 11:25 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 21:22 --------- d-------- C:\Program Files\Symantec
2007-09-18 21:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 21:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-18 20:37 --------- d-------- C:\Program Files\GameHouse
2007-09-18 20:36 --------- d-------- C:\Program Files\The Weather Channel FW
2007-09-18 20:32 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-18 20:18 --------- d-------- C:\Program Files\QuickTime
2007-09-18 20:18 --------- d-------- C:\Program Files\OneStepSearch
2007-09-18 20:11 --------- d-------- C:\Program Files\iTunes
2007-09-18 20:07 --------- d-------- C:\Program Files\Dell AIO Printer A920
2007-09-18 20:02 --------- d-------- C:\Program Files\AOL Toolbar
2007-09-18 20:02 --------- d-------- C:\Program Files\America Online 9.0a
2007-08-21 19:31 --------- d-------- C:\Program Files\YourScreen
2007-08-20 16:48 --------- d-------- C:\DOCUME~1\Jay\APPLIC~1\YourScreen
2007-08-19 19:38 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-10 16:42 --------- d-------- C:\DOCUME~1\Jay\APPLIC~1\MySpace
2007-08-07 09:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
2007-08-06 15:24 --------- d-------- C:\Program Files\MySpace
2007-08-06 15:24 --------- d-------- C:\DOCUME~1\Jamie\APPLIC~1\MySpace
2007-07-31 11:50 --------- d-------- C:\Program Files\Freeze.com
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{290B0BC8-28EC-4AAE-A0A9-03F934072F4F}]
C:\WINDOWS\System32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5C6C2CC-2F85-4676-72B3-2A4A5975F51E}]
C:\Program Files\MSN\viki.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ded915e4-a74a-4d3a-be65-ef2bf288f08d}]
2007-08-18 09:04 92910 --a------ C:\WINDOWS\system32\IFSa3d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 12:55]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 12:51]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-27 20:31]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 15:45]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 15:45]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 23:26]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 19:46]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 14:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 18:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 12:00]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 17:59]
"HostManager"="C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe" [2006-03-08 14:38]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 11:57]
"rygoxa"="C:\Program Files\MSN Gaming Zone\rygoxa22011.exe" [2007-08-07 16:30]
"{88-8F-F5-53-ZN}"="c:\windows\system32\dwdsrngt.exe" [2007-09-23 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 06:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 16:08]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 20:34]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34]
"mukw"="C:\PROGRA~1\COMMON~1\mukw\mukwm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2005-03-24 16:12:30]
DESKTOP.INI [2002-09-03 10:00:00]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2004-12-27 17:31:12]

C:\DOCUME~1\Jamie\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
TA_Start.lnk - C:\WINDOWS\SYSTEM32\dwdsrngt.exe [2007-09-23 14:42:36]

C:\DOCUME~1\Jay\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IFSa3d]
IFSa3d.dll 2007-08-18 09:04 92910 C:\WINDOWS\SYSTEM32\IFSa3d.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mllmljg.dll

R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2004-10-02 21:21:42 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-09-11 13:00:05 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
"2007-09-23 18:41:32 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 14:41:54
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\msnav32.ax

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-09-23 14:44:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 14:44
.
--- E O F ---

bbhetch

#4
bbhetch (Topic Starter, Member, 40 posts)
Here is the HijackThis log. Sorry I didn't get everything copied before; I hope everything comes through OK this time. I'll do the bfu.zip next.
bbhetch

Logfile of HijackThis v1.99.1
Scan saved at 2:50:19 PM, on 9/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
c:\windows\system32\dwdsrngt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
F:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wowway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {290B0BC8-28EC-4AAE-A0A9-03F934072F4F} - C:\WINDOWS\System32\awtsr.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: 0 - {B5C6C2CC-2F85-4676-72B3-2A4A5975F51E} - C:\Program Files\MSN\viki.dll (file missing)
O2 - BHO: (no name) - {ded915e4-a74a-4d3a-be65-ef2bf288f08d} - C:\WINDOWS\system32\IFSa3d.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [rygoxa] C:\Program Files\MSN Gaming Zone\rygoxa22011.exe
O4 - HKLM\..\Run: [{88-8F-F5-53-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [mukw] C:\PROGRA~1\COMMON~1\mukw\mukwm.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm332YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphoto...ploadClient.cab
O20 - AppInit_DLLs: c:\windows\system32\mllmljg.dll
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#5
bbhetch (Topic Starter, Member, 40 posts)
Here is the main.txt file from dss.exe.

Deckard's System Scanner v20070905.67
Run by Jamie on 2007-09-23 15:12:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2007-09-23 19:12:45 UTC - RP629 - Deckard's System Scanner Restore Point
5: 2007-09-23 18:36:13 UTC - RP628 - ComboFix created restore point
4: 2007-09-19 01:04:31 UTC - RP627 - Installed Windows Installer KB893803v2.
3: 2007-09-19 00:35:16 UTC - RP626 - Removed SUPERAntiSpyware Free Edition
2: 2007-09-12 01:01:23 UTC - RP625 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2007-09-11 23:19:01 UTC - RP624 - problem fix


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Jamie.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-23 15:13:21
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1154617031\ee\aolsoftware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\SYSTEM32\dwdsrngt.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
F:\dss\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wowway.com/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {290B0BC8-28EC-4AAE-A0A9-03F934072F4F} - C:\WINDOWS\System32\awtsr.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: 0 - {B5C6C2CC-2F85-4676-72B3-2A4A5975F51E} - C:\Program Files\MSN\viki.dll (file missing)
O2 - BHO: (no name) - {ded915e4-a74a-4d3a-be65-ef2bf288f08d} - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKEY_LOCAL_MACHINE\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKEY_LOCAL_MACHINE\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [rygoxa] C:\Program Files\MSN Gaming Zone\rygoxa22011.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [{88-8F-F5-53-ZN}] c:\windows\system32\dwdsrngt.exe CHD003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [mukw] C:\PROGRA~1\COMMON~1\mukw\mukwm.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm332YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphoto...ploadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\mllmljg.dll
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\System32\IFSa3d.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - "C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - "C:\WINDOWS\wanmpsvc.exe"


-- HijackThis Fixed Entries (F:\HIJACK~1\backups\) -----------------------------

backup-20070825-164005-330 O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
backup-20070825-164006-511 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 catchme - c:\docume~1\jamie\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 OneStep Search Service - "c:\program files\onestepsearch\onestep.exe" "c:\program files\onestepsearch\onestep.dll" service <Not Verified; OneStepSearch.net, Inc.; OneStep Search>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-23 15:09:00 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-09-11 09:00:05 386 --a------ C:\WINDOWS\Tasks\rpc.job
2004-10-02 17:21:42 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2007-08-23 and 2007-09-23 -----------------------------

2007-09-23 14:42:36 52783 --a------ C:\WINDOWS\System32\dwdsrngt.exe <Not Verified; ; Browser Driver>
2007-09-18 20:51:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-09-18 20:39:53 425480 --a------ C:\sysipdk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-11 21:01:54 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-11 21:01:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-09-11 21:01:25 0 d-------- C:\Documents and Settings\Jamie\Application Data\SUPERAntiSpyware.com
2007-09-11 19:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-25 09:59:33 0 d-------- C:\VundoFix Backups
2007-08-24 15:12:23 0 d-------- C:\Program Files\Common Files\mukw
2007-08-24 15:12:11 0 d-------- C:\WINDOWS\mukw
2007-08-24 11:25:57 0 d---s---- C:\Documents and Settings\LocalService\UserData
2007-08-24 11:25:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-08-24 10:13:48 0 dr------- C:\Documents and Settings\LocalService\Favorites


-- Find3M Report ---------------------------------------------------------------

2007-09-23 15:13:41 92147 --a------ C:\WINDOWS\System32\dn20a88f53.dat
2007-09-23 14:38:55 0 d-------- C:\Program Files\Common Files
2007-09-18 21:22:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 21:22:55 0 d-------- C:\Program Files\Symantec
2007-09-18 20:37:57 0 d-------- C:\Program Files\GameHouse
2007-09-18 20:36:37 0 d-------- C:\Program Files\The Weather Channel FW
2007-09-18 20:32:59 0 d-------- C:\Program Files\Common Files\AOL
2007-09-18 20:18:08 0 d-------- C:\Program Files\QuickTime
2007-09-18 20:18:04 0 d-------- C:\Program Files\OneStepSearch
2007-09-18 20:13:34 0 d-------- C:\Program Files\Messenger
2007-09-18 20:11:30 0 d-------- C:\Program Files\iTunes
2007-09-18 20:07:07 0 d-------- C:\Program Files\Dell AIO Printer A920
2007-09-18 20:02:32 0 d-------- C:\Program Files\AOL Toolbar
2007-09-18 20:02:11 0 d-------- C:\Program Files\America Online 9.0a
2007-08-21 19:56:08 52765 --a------ C:\WINDOWS\System32\lmdsrngm.exe <Not Verified; ; Browser Driver>
2007-08-21 19:31:05 0 d-------- C:\Program Files\YourScreen
2007-08-18 09:04:15 92910 --a------ C:\WINDOWS\System32\IFSa3d.dll
2007-08-17 19:18:25 0 d-------- C:\Program Files\MSN Gaming Zone
2007-08-06 15:24:12 0 d-------- C:\Documents and Settings\Jamie\Application Data\MySpace
2007-08-06 15:24:06 0 d-------- C:\Program Files\MySpace
2007-07-31 11:50:25 0 d-------- C:\Program Files\Freeze.com


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{290B0BC8-28EC-4AAE-A0A9-03F934072F4F}]
C:\WINDOWS\System32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5C6C2CC-2F85-4676-72B3-2A4A5975F51E}]
C:\Program Files\MSN\viki.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ded915e4-a74a-4d3a-be65-ef2bf288f08d}]
08/18/2007 09:04 AM 92910 --a------ C:\WINDOWS\system32\IFSa3d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [02/10/2004 12:55 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [02/10/2004 12:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 12:43 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 09:15 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/15/2004 02:04 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/27/2004 08:31 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [04/19/2004 03:45 PM]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [04/19/2004 03:45 PM]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [10/13/2005 11:26 PM]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [05/02/2003 07:46 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [04/18/2005 02:38 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/04/2005 06:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/26/2005 12:00 PM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/2004 05:59 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe" [03/08/2006 02:38 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [03/27/2006 11:57 AM]
"rygoxa"="C:\Program Files\MSN Gaming Zone\rygoxa22011.exe" [08/07/2007 04:30 PM]
"{88-8F-F5-53-ZN}"="c:\windows\system32\dwdsrngt.exe" [09/23/2007 02:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 04:08 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/19/2005 08:34 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [05/29/2007 09:34 PM]
"mukw"="C:\PROGRA~1\COMMON~1\mukw\mukwm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Jamie\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]
TA_Start.lnk - C:\WINDOWS\SYSTEM32\dwdsrngt.exe [9/23/2007 2:42:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [3/24/2005 4:12:30 PM]
DESKTOP.INI [9/3/2002 10:00:00 AM]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [12/27/2004 5:31:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IFSa3d]
IFSa3d.dll 08/18/2007 09:04 AM 92910 C:\WINDOWS\SYSTEM32\IFSa3d.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mllmljg.dll

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT



-- End of Deckard's System Scanner: finished at 2007-09-23 15:14:20 ------------


Here is the extra.txt from dss.exe

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 254 MiB / 65.35 MiB
Pagefile Memory (total/avail): 625.39 MiB / 376.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1965.29 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.96 GiB total, 61.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75FJA1 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 70.96 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB

\\.\PHYSICALDRIVE1 - USB 2.0 Flash Disk USB Device - 1929.68 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 1935.48 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.
AUState says computer is in an unknown state.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jamie\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DD2XDL51
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jamie
LOGONSERVER=\\DD2XDL51
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jamie\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jamie\LOCALS~1\Temp
USERDOMAIN=DD2XDL51
USERNAME=Jamie
USERPROFILE=C:\Documents and Settings\Jamie
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jamie (admin)
Jay (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Arcade and Puzzle Games --> "C:\Program Files\Arcade and Puzzle Games\uninstall.exe"
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}\Setup.exe" -l0x9
Art Explosion Scrapbook Factory Deluxe --> MsiExec.exe /X{E432C362-6A71-4E8A-A68A-AE5246520656}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Business Contact Manager for Outlook 2003 --> MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
Digimax Viewer 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}\Setup.exe"
EarthLink Setup Files --> MsiExec.exe /X{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}
ELMO Knows Your Name --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E38B269F-C8F1-4F3B-95ED-B239D01369A4}\setup.exe" -l0x9 -removeonly
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
HijackThis 1.99.1 --> F:\hijackthis\HijackThis.exe /uninstall
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Explorer Q831167 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q831167.inf
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{523E6F2A-2D59-4D91-90E8-6C49931C9F50}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsbar.dll,O
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OneStep Search 1.0 build 120 --> C:\Program Files\OneStepSearch\uninstall.exe
Outlook Express Q837009 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 2 Triple Thrill Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\Setup.exe" -l0x9
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Super Pop & Drop --> C:\PROGRA~1\GAMEHO~1\PopDrop\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\PopDrop\INSTALL.LOG
Super TextTwist --> C:\PROGRA~1\GAMEHO~1\TEXTTW~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TEXTTW~1\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Yahoo! extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2590 / Warning
Event Submitted/Written: 09/23/2007 02:41:39 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type2588 / Warning
Event Submitted/Written: 09/23/2007 02:30:51 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type2586 / Warning
Event Submitted/Written: 09/18/2007 09:39:20 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type2584 / Warning
Event Submitted/Written: 09/18/2007 09:32:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2579 / Warning
Event Submitted/Written: 09/18/2007 09:19:36 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTBCM
Event Description:
(SpnRegister) : Error 1355



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17335 / Error
Event Submitted/Written: 09/23/2007 02:42:40 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {520CCA63-51A5-11D3-9144-00104BA11C5E} did not register with DCOM within the required timeout.

Event Record #/Type17329 / Error
Event Submitted/Written: 09/23/2007 02:39:23 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The combofix service failed to start due to the following error:
%%1053

Event Record #/Type17328 / Error
Event Submitted/Written: 09/23/2007 02:39:23 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the combofix service to connect.

Event Record #/Type17273 / Warning
Event Submitted/Written: 09/18/2007 09:31:20 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"

Event Record #/Type17157 / Error
Event Submitted/Written: 09/18/2007 08:55:50 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2007-09-23 15:14:20 ------------

Can I try loading Norton Antivirus 2007 again?

Thanks for all of the help
bbhetch

#6
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts

Hello again,

I am wrapping my whole post in a quote box, in order for me to post it due to a forum bug.

Step 1
Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Step 2
1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

http://www.geekstogo...ml#entry1055655

File::
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\System32\lmdsrngm.exe
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\System32\awtsr.dll
c:\windows\system32\mllmljg.dll

Suspect::
C:\WINDOWS\System32\IFSa3d.dll
C:\Program Files\MSN Gaming Zone\rygoxa22011.exe
C:\Program Files\MSN\viki.dll
C:\sysipdk.exe

DirLook::
C:\WINDOWS\mukw
C:\Program Files\Common Files\mukw


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. Additionally, ComboFix will generate the following files on your desktop
  • A zipped file on your desktop called Submit [Date Time].zip
  • And another file named - CF-Submit.htm
6. ComboFix may need to reboot to finish its work. Let it.

7. When CF has finished running, it will generate the ComboFix.log which will appear on your screen.

8. If CF-Submit.htm is detected, ComboFix will generate this message box:

Posted Image

Clicking OK will cause the machine's browser to load CF-Submit.htm

Posted Image

9. Click the "Browse" button and locate the Submit [Date Time].zip file on your desktop.
  • Click on the file to Select it.
  • Submit the file by clicking "OK"
10. Once the file has been submitted, please DELETE both files on your desktop.

Step 3
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {290B0BC8-28EC-4AAE-A0A9-03F934072F4F} - C:\WINDOWS\System32\awtsr.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: 0 - {B5C6C2CC-2F85-4676-72B3-2A4A5975F51E} - C:\Program Files\MSN\viki.dll (file missing)
O2 - BHO: (no name) - {ded915e4-a74a-4d3a-be65-ef2bf288f08d} - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [rygoxa] C:\Program Files\MSN Gaming Zone\rygoxa22011.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm332YYUS
O20 - AppInit_DLLs: c:\windows\system32\mllmljg.dll
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\System32\IFSa3d.dll


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step 4
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Step 5
Please give me the following in your next reply
  • Combofix.txt
  • Report.txt
  • A new HijackThis log (run after ComboFix & SDFix have finished their work.)


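As an added example (not part of the post, and not HijackThis or ComboFix code), here is a small Python parser that turns the Step 3 entries into structured records showing where each autostart point lives and which ones already point at a file that is gone; the registry-location map and the "missing file" rule are this example's own assumptions about what each HijackThis section code refers to.

```python
"""Structured view of the HijackThis entries listed in Step 3 above.

Added example; this is not HijackThis or ComboFix code. The sample lines are
the entries the helper asked to be fixed. The registry-location map and the
"missing file" rule are this example's own assumptions about what each
HijackThis section code refers to.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample input: the nine entries quoted in Step 3 of the post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {290B0BC8-28EC-4AAE-A0A9-03F934072F4F} - C:\WINDOWS\System32\awtsr.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: 0 - {B5C6C2CC-2F85-4676-72B3-2A4A5975F51E} - C:\Program Files\MSN\viki.dll (file missing)
O2 - BHO: (no name) - {ded915e4-a74a-4d3a-be65-ef2bf288f08d} - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [rygoxa] C:\Program Files\MSN Gaming Zone\rygoxa22011.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm332YYUS
O20 - AppInit_DLLs: c:\windows\system32\mllmljg.dll
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\System32\IFSa3d.dll
"""

WIN_NT = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion"
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# (kind, regex, builder for the registry key / folder the entry lives in).
# Only the section codes present in the sample are modelled.
PATTERNS: List[tuple] = [
    ("Browser Helper Object",
     re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$"),
     lambda m: BHO_KEY + "\\" + m["clsid"]),
    ("Registry Run key",
     re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<target>.*)$"),
     lambda m: m["hive"] + r"\Software\Microsoft\Windows\CurrentVersion" + "\\" + m["key"]),
    ("Startup folder",
     re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.*?) = (?P<target>.*)$"),
     lambda m: ("All Users" if m["key"].startswith("Global") else "Current user")
               + r" Start Menu\Programs\Startup"),
    ("IE context-menu extension",
     re.compile(r"^O8 - Extra context menu item: (?P<name>.*?) - (?P<target>.*)$"),
     lambda m: r"HKCU\Software\Microsoft\Internet Explorer\MenuExt" + "\\" + m["name"]),
    ("AppInit_DLLs",
     re.compile(r"^O20 - AppInit_DLLs: (?P<target>.*)$"),
     lambda m: WIN_NT + r"\Windows\AppInit_DLLs"),
    ("Winlogon Notify",
     re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$"),
     lambda m: WIN_NT + r"\Winlogon\Notify" + "\\" + m["name"]),
]

MISSING_SUFFIX = " (file missing)"


@dataclass
class Entry:
    code: str         # HijackThis section code, e.g. "O20"
    kind: str
    name: str
    target: str       # file path or URL, with HijackThis' status suffix removed
    clsid: Optional[str]
    missing: bool     # HijackThis reported the referenced file as absent
    location: str     # where the autostart lives, per this example's own map


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; None for section codes not modelled here."""
    line = line.strip()
    for kind, rx, where in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        g = m.groupdict()
        target = g["target"].strip()
        missing = target.endswith(MISSING_SUFFIX) or target == "(no file)"
        if target.endswith(MISSING_SUFFIX):
            target = target[: -len(MISSING_SUFFIX)]
        elif target == "(no file)":
            target = ""
        return Entry(code=line.split(" - ", 1)[0], kind=kind, name=g.get("name", ""),
                     target=target, clsid=g.get("clsid"), missing=missing, location=where(m))
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Autostart entries whose file is already gone (registry leftovers)."""
    return [e for e in entries if e.missing]


def files_to_verify(entries: List[Entry]) -> List[str]:
    """Unique on-disk paths still referenced by autostart points (URLs excluded)."""
    seen = {}
    for e in entries:
        if e.target and not e.missing and not e.target.lower().startswith("http"):
            seen.setdefault(e.target.lower(), e.target)  # case-insensitive dedupe
    return sorted(seen.values(), key=str.lower)


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        flag = "ORPHANED" if e.missing else "present "
        print(f"{e.code:<4}{flag} {e.kind:<26} {e.location} -> {e.target}")
    print("\nfiles to check before removal:", *files_to_verify(entries), sep="\n  ")
```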

#7
bbhetch

    Member

  • Topic Starter
  • Member
  • 40 posts
Here is the combofix.txt file

ComboFix 07-09-21.2 - "Jamie" 2007-09-25 19:05:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.48 [GMT -4:00]
* Created a new restore point

FILE::
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\System32\lmdsrngm.exe
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\System32\awtsr.dll
c:\windows\system32\mllmljg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Jamie\APPLIC~1\tmp15.tmp.exe
C:\WINDOWS\system32\dn20a88f53.dat
C:\WINDOWS\system32\winpfz32.sys

.
((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
.

2007-09-25 18:57 57,344 --a------ C:\WINDOWS\SYSTEM32\DHCPSAP.dll
2007-09-25 18:56 91,648 --a------ C:\WINDOWS\SYSTEM32\DSPRPRE.dll
2007-09-23 16:45 549,720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2007-09-23 16:45 33,624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2007-09-23 16:45 325,976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2007-09-23 16:45 203,096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2007-09-23 16:45 186,136 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2007-09-23 16:45 167,704 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2007-09-23 16:08 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2007-09-23 16:08 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2007-09-23 16:08 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-09-23 16:07 <DIR> d-------- C:\Program Files\Symantec
2007-09-23 16:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-23 16:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-23 15:12 <DIR> d-------- C:\Deckard
2007-09-23 14:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys
2007-09-11 21:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-11 21:01 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\SUPERAntiSpyware.com
2007-09-11 21:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-25 09:59 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 16:23 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-23 16:23 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 20:37 --------- d-------- C:\Program Files\GameHouse
2007-09-18 20:36 --------- d-------- C:\Program Files\The Weather Channel FW
2007-09-18 20:32 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-18 20:18 --------- d-------- C:\Program Files\QuickTime
2007-09-18 20:18 --------- d-------- C:\Program Files\OneStepSearch
2007-09-18 20:11 --------- d-------- C:\Program Files\iTunes
2007-09-18 20:07 --------- d-------- C:\Program Files\Dell AIO Printer A920
2007-09-18 20:02 --------- d-------- C:\Program Files\AOL Toolbar
2007-09-18 20:02 --------- d-------- C:\Program Files\America Online 9.0a
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-08 20:48 --------- d-------- C:\Program Files\Common Files\mukw
2007-08-21 19:31 --------- d-------- C:\Program Files\YourScreen
2007-08-20 16:48 --------- d-------- C:\DOCUME~1\Jay\APPLIC~1\YourScreen
2007-08-19 19:38 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-18 09:04 92910 --a------ C:\WINDOWS\SYSTEM32\IFSa3d.dll
2007-08-10 16:42 --------- d-------- C:\DOCUME~1\Jay\APPLIC~1\MySpace
2007-08-07 09:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
2007-08-06 15:24 --------- d-------- C:\Program Files\MySpace
2007-08-06 15:24 --------- d-------- C:\DOCUME~1\Jamie\APPLIC~1\MySpace
2007-07-31 11:50 --------- d-------- C:\Program Files\Freeze.com
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\WINDOWS\mukw ----

2007-08-24 15:16 4420 --a------ C:\WINDOWS\mukw\mukw.dat
2002-07-26 17:02 153088 --a------ C:\WINDOWS\mukw\wu

---- Directory of C:\Program Files\Common Files\mukw ----

2007-09-08 20:48 1536 --a------ C:\Program Files\Common Files\mukw\mukwh
2007-08-24 15:14 0 --a------ C:\Program Files\Common Files\mukw\mukwl.lck
2007-08-24 15:13 0 --a------ C:\Program Files\Common Files\mukw\mukwm.lck
2007-08-24 15:13 0 --a------ C:\Program Files\Common Files\mukw\mukwa.lck
2004-04-19 21:26 4933375 --a------ C:\Program Files\Common Files\mukw\mukwd\class-barrel


((((((((((((((((((((((((((((( snapshot_2007-09-23_144238.00 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 185,624 2004-08-03 18:04:40 C:\WINDOWS\SYSTEM32\iuengine.dll
----a-w 1,047,552 2003-03-19 04:12:12 C:\WINDOWS\SYSTEM32\mfc71u.dll
----a-w 61,930 2007-09-23 18:49:13 C:\WINDOWS\SYSTEM32\PERFC009.DAT
----a-w 402,426 2007-09-23 18:49:13 C:\WINDOWS\SYSTEM32\PERFH009.DAT
----a-w 624,784 2007-01-10 01:12:22 C:\WINDOWS\SYSTEM32\SymNeti.dll
----a-w 242,320 2007-01-10 01:12:18 C:\WINDOWS\SYSTEM32\SymRedir.dll
----a-w 262,144 2007-09-25 23:04:49 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
----a-w 16,384 2007-09-23 20:32:20 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
----a-w 32,768 2007-09-23 20:32:20 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
----a-w 32,768 2007-09-23 20:32:20 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
----a-w 185,624 2004-08-03 18:04:40 C:\WINDOWS\SYSTEM32\DLLCACHE\iuengine.dll
----a-w 12,984 2007-01-10 00:46:26 C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys
----a-w 145,976 2007-01-10 00:46:26 C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
----a-w 40,120 2007-01-10 00:46:26 C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
----a-w 35,256 2007-01-10 00:46:26 C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
----a-w 38,200 2007-01-10 00:46:28 C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
----a-w 27,576 2007-01-10 00:46:26 C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
----a-w 191,544 2007-01-10 00:46:26 C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
----a-w 33,624 2007-07-30 23:18:40 C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
----atw 16,384 2007-09-25 22:44:40 C:\WINDOWS\Temp\Perflib_Perfdata_1a8.dat
.
----a-w 166,912 2002-08-29 10:00:00 C:\WINDOWS\SYSTEM32\IUENGINE.DLL
----a-w 61,930 2007-04-29 13:57:41 C:\WINDOWS\SYSTEM32\PERFC009.DAT
----a-w 402,426 2007-04-29 13:57:41 C:\WINDOWS\SYSTEM32\PERFH009.DAT
----a-w 262,144 2007-09-23 18:35:09 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT
----a-w 16,384 2004-10-02 21:17:41 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
----a-w 32,768 2004-10-02 21:17:41 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
----a-w 32,768 2004-10-02 21:17:41 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{290B0BC8-28EC-4AAE-A0A9-03F934072F4F}]
C:\WINDOWS\System32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9605F489-13A0-4F56-B644-FAEE906249C0}]
2002-08-29 06:00 91648 --a------ C:\WINDOWS\System32\DSPRPRE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5C6C2CC-2F85-4676-72B3-2A4A5975F51E}]
C:\Program Files\MSN\viki.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ded915e4-a74a-4d3a-be65-ef2bf288f08d}]
2007-08-18 09:04 92910 --a------ C:\WINDOWS\system32\IFSa3d.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 12:55]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 12:51]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-08-27 20:31]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 15:45]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 15:45]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 23:26]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 19:46]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 14:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-04 18:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 12:00]
"HostManager"="C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe" [2006-03-08 14:38]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 11:57]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 22:05]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-06-26 01:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 06:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 16:08]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 20:34]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34]
"mukw"="C:\PROGRA~1\COMMON~1\mukw\mukwm.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2005-03-24 16:12:30]
DESKTOP.INI [2002-09-03 10:00:00]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2004-12-27 17:31:12]

C:\DOCUME~1\Jamie\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

C:\DOCUME~1\Jay\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IFSa3d]
IFSa3d.dll 2007-08-18 09:04 92910 C:\WINDOWS\SYSTEM32\IFSa3d.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mllmljg.dll

R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

.
Contents of the 'Scheduled Tasks' folder
"2004-10-02 21:21:42 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-09-23 20:20:32 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jamie.job"
"2007-09-11 13:00:05 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-25 19:09:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-25 19:09:58
C:\ComboFix-quarantined-files.txt ... 2007-09-25 19:09
C:\ComboFix2.txt ... 2007-09-23 14:44
.
--- E O F ---

#8 bbhetch (Topic Starter, Member, 40 posts)
Here is the report.txt. I'm still having problems with IE locking up and other windows opening, but not as bad. I'll post the HijackThis next.

SDFix: Version 1.107

Run by Jamie on Tue 09/25/2007 at 07:54 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Fri 7 May 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0a\aolphx.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0a\aoltray.exe"
Fri 7 May 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0a\RBM.exe"
Thu 3 Aug 2006 3,679 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"

Finished!


Here's the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:12:58 PM, on 9/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wowway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {9605F489-13A0-4F56-B644-FAEE906249C0} - C:\WINDOWS\System32\DSPRPRE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [mukw] C:\PROGRA~1\COMMON~1\mukw\mukwm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphoto...ploadClient.cab
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


I hope this is everything from this log.
Thanks again, I really appreciate the help!!!
bbhetch

#9 MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hello again,

Your logs are improving, so let's continue!

Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 2 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 2...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Step 2
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

NOTE: if you are unable to update the definition files, you can perform a manual update by going to the following site http://www.ewido.net...wnload/updates/

NOTE: if you are unable to run a scan with AVG Anti-Spyware in Safe Mode, click the next link http://fileserver.ew...ic.cgi?id=20990 and download AVG_Anti-Spyware_7.5.1.36_Safe_Mode_Registry_Patch.reg to your desktop. It should look like this -> (image); double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Edited by MoNsTeReNeRgY22, 25 September 2007 - 08:34 PM.


#10 bbhetch (Topic Starter, Member, 40 posts)
Hi,
I'm back working on this problem; we had a death in the family. I followed your directions but there wasn't a report at the end of running AVG. I ran the complete scan and applied all actions. I even rechecked to make sure the correct boxes were checked and unchecked. Here is a HijackThis log since I can't give you the other one. Hope this helps.

Logfile of HijackThis v1.99.1
Scan saved at 11:33:10 PM, on 10/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\update\update.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wowway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\tmp54.tmp.dll
O2 - BHO: (no name) - {9605F489-13A0-4F56-B644-FAEE906249C0} - C:\WINDOWS\System32\DSPRPRE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [mukw] C:\PROGRA~1\COMMON~1\mukw\mukwm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\IFSa3d.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\IFSa3d.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191640575343
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphoto...ploadClient.cab
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I really appreciate your sticking with me on this.
Thanks,
bbhetch

#11 MoNsTeReNeRgY22 (Member 2k, 2,539 posts)
Hello again,

1) Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\tmp54.tmp.dll
O2 - BHO: (no name) - {9605F489-13A0-4F56-B644-FAEE906249C0} - C:\WINDOWS\System32\DSPRPRE.dll
O4 - HKCU\..\Run: [mukw] C:\PROGRA~1\COMMON~1\mukw\mukwm.exe


Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

2) Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\mukw
    C:\Program Files\Common Files\mukw
    C:\Program Files\mukw
    C:\WINDOWS\System32\DSPRPRE.dll
    C:\WINDOWS\System32\tmp54.tmp.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

3) Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button
  • Please highlight everything inside the box, right-click, and choose copy.
  • Please paste the information here for me.


#12
bbhetch

Here's the scan report from F-Secure

Scanning Report
Saturday, October 06, 2007 14:46:17 - 15:53:32
Computer name: DD2XDL51
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 58 malware found
Backdoor.Win32.Agent.bfd (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038936.DLL (Renamed & Submitted)
Toolbar.Softo (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
Trojan-Downloader.Win32.ConHook.bg (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP626\A0037456.DLL (Renamed & Submitted)
Trojan-Downloader:W32/Agent.EZX (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038841.EXE (Renamed & Submitted)
Trojan-Dropper.Win32.Agent.bgh (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP629\A0039135.EXE (Renamed)
Trojan-Dropper.Win32.Agent.bxm (virus)
C:\WINDOWS\SYSTEM32\DHCPSAP.DLL (Renamed & Submitted)
Trojan.Win32.Agent.aoy (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038838.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038845.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038847.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038851.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038855.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038859.EXE (Renamed & Submitted)
Trojan.Win32.Agent.bur (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038835.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037276.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037301.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037302.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037303.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037304.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037305.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037306.EXE (Renamed & Submitted)
Trojan.Win32.Delf.aht (virus)
C:\DOCUMENTS AND SETTINGS\JAMIE\LOCAL SETTINGS\TEMP\SCH16.DLL (Renamed & Submitted)
Trojan.Win32.StartPage.bah (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0039365.DLL (Renamed & Submitted)
Vundo.gen38 (virus)
C:\WINDOWS\IJLOPO.INI (Submitted)
W32/BHO.QG (virus)
C:\WINDOWS\SYSTEM32\DS32G.DLL (Submitted)
C:\WINDOWS\SYSTEM32\DSPRPRE.DLL (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP638\A0039400.DLL (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP637\A0039364.EXE (Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP633\A0039344.DLL (Submitted)
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20071006-132143-532.DLL (Submitted)
W32/BHO.QG.dropper (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP630\A0039192.EXE (Submitted)
W32/DLoader.BFLL.dropper (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP625\A0037314.EXE
W32/Horst.gen33 (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038928.EXE (Submitted)
W32/Smalltroj.BINO.dropper (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP628\A0038868.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 33292
System: 4626
Not scanned: 4
Actions:
Disinfected: 2
Renamed: 21
Deleted: 0
None: 35
Submitted: 30
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{2EC3DE73-B29B-4F56-9B06-6D385B3EFEC6}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-10-05
F-Secure AVP: 7.0.171, 2007-10-06
F-Secure Orion: 1.2.37, 2007-10-06
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0596-150-72
F-Secure Pegasus: 1.19.0, 2007-09-02
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics

#13
bbhetch

This is the report from _OTMoveIt

Folder move failed. C:\WINDOWS\mukw\wu scheduled to be moved on reboot.
C:\WINDOWS\mukw moved successfully.
Folder move failed. C:\Program Files\Common Files\mukw\mukwh scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\mukw\mukwd\class-barrel scheduled to be moved on reboot.
C:\Program Files\Common Files\mukw\mukwd moved successfully.
C:\Program Files\Common Files\mukw moved successfully.
File/Folder C:\Program Files\mukw not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\DSPRPRE.dll
C:\WINDOWS\System32\DSPRPRE.dll NOT unregistered.
File move failed. C:\WINDOWS\System32\DSPRPRE.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\System32\tmp54.tmp.dll not found.
File/Folder not found.
File/Folder not found.

Created on 10/06/2007 13:40:06

Here is the Hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 4:13:32 PM, on 10/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wowway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9605F489-13A0-4F56-B644-FAEE906249C0} - C:\WINDOWS\System32\DSPRPRE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154617031\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\IFSa3d.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\IFSa3d.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191640575343
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphoto...ploadClient.cab
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I am going to reinstall Norton Antivirus 2007

Thanks for the help so far.
Bbhetch
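As an added illustration of how the O2, O4, O20 and O23 lines in the logs above are read, here is a small Python triage script. It is not HijackThis code and not the helper's own tooling; it parses those four line types from a HijackThis v1.99 log and applies a few of the checks a removal helper applies by eye: a BHO with no friendly name or a temp-style DLL name, a Winlogon Notify DLL outside the XP default set (those DLLs load into winlogon.exe as SYSTEM), a service whose binary is missing or has no company name, and Run entries not on a known-good list. The two allowlists are deliberately tiny and are assumptions for this demonstration, not a real known-good database; the sample log is constructed from lines posted in this thread.

```python
import re

# Winlogon Notify packages shipped with Windows XP, plus Intel's igfxcui,
# which the posted log shows on this machine. Assumed allowlist for the demo.
WINLOGON_NOTIFY_DEFAULTS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui",
}

# Run-key value names treated as known-good for this demonstration only.
RUN_KNOWN_GOOD = {"igfxtray", "hotkeyscmds", "ctfmon.exe", "msmsgs"}

TEMP_STYLE_DLL = re.compile(r"\\tmp\d+\.tmp\.dll$", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread, legitimate and suspicious entries mixed.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\tmp54.tmp.dll
O2 - BHO: (no name) - {9605F489-13A0-4F56-B644-FAEE906249C0} - C:\WINDOWS\System32\DSPRPRE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [mukw] C:\PROGRA~1\COMMON~1\mukw\mukwm.exe
O20 - Winlogon Notify: IFSa3d - C:\WINDOWS\SYSTEM32\IFSa3d.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
"""


def triage(log_text):
    """Return one finding per suspicious line: {'level', 'reasons', 'line'}.

    'fix' marks entries a helper would normally have HijackThis remove;
    'review' marks entries that need a human look before deciding.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        fix, review = [], []

        m = O2.match(line)
        if m:
            if m["path"] == "(no file)":
                review.append("orphaned BHO registration, DLL no longer on disk")
            else:
                if m["name"] == "(no name)":
                    fix.append("BHO registered without a friendly name")
                if TEMP_STYLE_DLL.search(m["path"]):
                    fix.append("BHO DLL has a temp-style name (tmpNN.tmp.dll)")

        m = O4.match(line)
        if m:
            if TEMP_STYLE_DLL.search(m["cmd"]) or TEMP_DIR.search(m["cmd"]):
                fix.append("autorun points into a temp location")
            elif m["value"].lower() not in RUN_KNOWN_GOOD:
                review.append("Run value not in known-good list")

        m = O20.match(line)
        if m and m["name"].lower() not in WINLOGON_NOTIFY_DEFAULTS:
            fix.append("Winlogon Notify DLL outside the XP default set "
                       "(loaded into winlogon.exe as SYSTEM)")

        m = O23.match(line)
        if m:
            if "(file missing)" in m["path"]:
                review.append("service registered but its binary is missing")
            if m["owner"] == "Unknown owner":
                review.append("service binary carries no company name")

        if fix or review:
            findings.append({
                "level": "fix" if fix else "review",
                "reasons": fix + review,
                "line": line,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['level']:6}] {f['line']}")
        for r in f["reasons"]:
            print(f"         - {r}")
```

Run on the sample, the script marks exactly the three lines the helper had fixed or moved (tmp54.tmp.dll, DSPRPRE.dll, IFSa3d) as "fix", and leaves the orphaned BHO, the mukw Run entry and the OneStep service for review. The O20 check is the one worth keeping in any real triage: a Winlogon Notify package is a DLL that winlogon.exe loads at logon, so an unfamiliar name there is a stronger signal than an odd Run entry.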

#14
MoNsTeReNeRgY22

Hi again,

Sounds good on Norton.

Step 1
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {9605F489-13A0-4F56-B644-FAEE906249C0} - C:\WINDOWS\System32\DSPRPRE.dll

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Step 2
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\IJLOPO.INI
    C:\WINDOWS\SYSTEM32\DS32G.DLL
    C:\WINDOWS\SYSTEM32\DSPRPRE.DLL
    C:\WINDOWS\SYSTEM32\DHCPSAP.DLL
    C:\WINDOWS\System32\DSPRPRE.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Step 3
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
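Both OTMoveIt steps in this thread warn that a file or folder may be "scheduled to be moved on reboot", and the posted results show exactly that for DSPRPRE.dll: a DLL loaded into a running process (here the BHO inside iexplore.exe) cannot be moved while it is mapped. The added Python example below is not OTMoveIt's code; OTMoveIt's implementation is not shown in the thread. It demonstrates the standard Windows mechanism for a deferred move, which is assumed to be what the tool uses: MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT appends a source/destination pair to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, and Session Manager replays those pairs early in the next boot, before any user-mode process can load the file again. The quarantine destination under C:\_OTMoveIt\MovedFiles is an assumed path; the thread only shows where the log is written. The sample value is constructed.

```python
# Value layout (stable since NT): consecutive pairs of strings. The source
# carries the NT object-namespace prefix \??\. A destination of "" means
# delete; a leading "!" means replace an existing target
# (MOVEFILE_REPLACE_EXISTING).
NT_PREFIX = "\\??\\"


def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(strings):
    """Turn the raw REG_MULTI_SZ string list into a list of operations."""
    items = list(strings)
    if len(items) % 2 and items[-1] == "":
        items.pop()                      # tolerate a stray terminator
    if len(items) % 2:
        raise ValueError("PendingFileRenameOperations must hold src/dst pairs")

    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        entry = {"src": _strip_nt(src)}
        if dst == "":
            entry.update(op="delete", dst=None)
        elif dst.startswith("!"):
            entry.update(op="replace", dst=_strip_nt(dst[1:]))
        else:
            entry.update(op="move", dst=_strip_nt(dst))
        ops.append(entry)
    return ops


def touching_windows_dir(ops, windir=r"C:\WINDOWS"):
    """Operations whose source lies under the Windows directory.

    These deserve a look during incident response: cleaners use the
    mechanism to quarantine locked DLLs, and malware uses the same value
    to swap system files in at the next boot.
    """
    prefix = windir.lower().rstrip("\\") + "\\"
    return [o for o in ops if o["src"].lower().startswith(prefix)]


def load_live_value():
    """Read the real value on a Windows host (not called by the example)."""
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    value, kind = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    if kind != winreg.REG_MULTI_SZ:
        raise TypeError("unexpected registry value type")
    return value


# Constructed sample modelled on the OTMoveIt results posted in this thread:
# the locked BHO DLL and a leftover folder queued for quarantine, plus a
# temp DLL queued for deletion. Destinations are assumed paths.
SAMPLE_VALUE = [
    r"\??\C:\WINDOWS\System32\DSPRPRE.dll",
    r"\??\C:\_OTMoveIt\MovedFiles\WINDOWS\System32\DSPRPRE.dll",
    r"\??\C:\WINDOWS\mukw\wu",
    r"\??\C:\_OTMoveIt\MovedFiles\WINDOWS\mukw\wu",
    r"\??\C:\DOCUME~1\JAMIE\LOCALS~1\Temp\SCH16.DLL",
    "",
]

if __name__ == "__main__":
    for o in parse_pending_renames(SAMPLE_VALUE):
        print(f"{o['op']:8} {o['src']} -> {o['dst']}")
```

On a live machine the same value can be inspected without Python using reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations. The practical check after a cleanup that reported "scheduled to be moved on reboot" is that the value is empty once the reboot has happened; if it still lists the DLL, the move did not run and the BHO will load again.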


#15
MoNsTeReNeRgY22

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.