
Subject: Icons missing on desktop

Original Message
Name: tglass221
Date: September 2, 2007 at 17:22:22 Pacific
Subject: Icons missing on desktop
OS: Windows XP
CPU/Ram: Pentium 4, 1.0 GB ram
Model/Manufacturer: Dell-Dimension 5100
Comment:
A couple of weeks ago I logged on and my desktop loaded up, but without my icons. The only way I get to where I need to is by Ctrl/Alt/Delete, going to Task Manager and typing explorer. After typing this the icons come up and I can go to whatever program I wish. I get a lot of pop-ups and I have run Spybot and Ad-Aware. I've taken my cursor around the desktop to see if the icons are hidden. I've done the Windows key and "r" key at the same time and nothing. I'm at a loss and have been told I need to uninstall and reinstall my operating system. I really don't want to do this if I don't have to because of losing things. Can anyone help me! I'm not a computer person, but can follow directions.
Thanks!



Response Number 1
Name: jabuck
Date: September 2, 2007 at 17:49:54 Pacific
Subject: Icons missing on desktop
Reply:
Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log located at C:\Vundofix.txt.



Response Number 2
Name: tglass221
Date: September 2, 2007 at 19:12:52 Pacific
Subject: Icons missing on desktop
Reply:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:22 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - - C:\WINDOWS\system32\dvdecp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winC9B.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvtox.dll,startup
O4 - HKLM\..\Run: [qvovcnqx] rundll32.exe "C:\Program Files\lqbmdkpe\vszyzqne.dll",Init
O4 - HKLM\..\Run: [vctixalu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vctixalu.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\egniyrhi.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2256704261-6780433-236115749-1026\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2256704261-6780433-236115749-1026\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2256704261-6780433-236115749-1026\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-2256704261-6780433-236115749-1030\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2256704261-6780433-236115749-1030\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\dvdecp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\dvdecp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/open... (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccomm...
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v1...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v1...
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/de...
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photolabstore.lifepics.com/n...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v1...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06...
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: c:\windows\system32\ssqpppq.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ddihid32.dll
O21 - SSODL: milxOF - {D0DBDEA5-7A71-740F-8DC7-ED5AB203F224} - C:\WINDOWS\system32\oq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ihfejkvl.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9197 bytes



Response Number 3
Name: tglass221
Date: September 2, 2007 at 19:35:15 Pacific
Subject: Icons missing on desktop
Reply:
I ran the VundoFix and there is one file that cannot be deleted:
C:\windows\system32\ssqpppq.dll


Response Number 4
Name: tglass221
Date: September 2, 2007 at 19:43:06 Pacific
Subject: Icons missing on desktop
Reply:
Here is the VundoFix log:

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:19:03 PM 9/2/2007

Listing files found while scanning....

C:\windows\system32\btievrwj.ini
C:\windows\system32\cocncook.dll
C:\windows\system32\egniyrhi.dll
C:\windows\system32\eihajhyf.dll
C:\windows\system32\fbeyfxxq.ini
C:\windows\system32\fyhjahie.ini
C:\windows\system32\gwpjejfy.dll
C:\windows\system32\ihryinge.ini
C:\windows\system32\ilgflucx.dll
C:\windows\system32\ixafvnpt.ini
C:\windows\system32\jcdoypqu.dll
C:\windows\system32\jwrveitb.dll
C:\windows\system32\koocncoc.ini
C:\windows\system32\ncubckmy.dll
C:\windows\system32\ndvscpuq.dll
C:\windows\system32\owygcbsx.dll
C:\WINDOWS\system32\pmnlk.dll
C:\windows\system32\qupcsvdn.ini
C:\WINDOWS\system32\qxxfyebf.dll
C:\windows\system32\ssqpppq.dll
C:\WINDOWS\system32\tmp3654.tmp.dll
C:\windows\system32\tpnvfaxi.dll
C:\windows\system32\uqpyodcj.ini
C:\windows\system32\xculfgli.ini
C:\windows\system32\xsbcgywo.ini
C:\windows\system32\yfjejpwg.ini
C:\windows\system32\ymkcbucn.ini

Beginning removal...

Attempting to delete C:\windows\system32\btievrwj.ini
C:\windows\system32\btievrwj.ini Has been deleted!

Attempting to delete C:\windows\system32\cocncook.dll
C:\windows\system32\cocncook.dll Has been deleted!

Attempting to delete C:\windows\system32\egniyrhi.dll
C:\windows\system32\egniyrhi.dll Has been deleted!

Attempting to delete C:\windows\system32\eihajhyf.dll
C:\windows\system32\eihajhyf.dll Has been deleted!

Attempting to delete C:\windows\system32\fbeyfxxq.ini
C:\windows\system32\fbeyfxxq.ini Has been deleted!

Attempting to delete C:\windows\system32\fyhjahie.ini
C:\windows\system32\fyhjahie.ini Has been deleted!

Attempting to delete C:\windows\system32\gwpjejfy.dll
C:\windows\system32\gwpjejfy.dll Has been deleted!

Attempting to delete C:\windows\system32\ihryinge.ini
C:\windows\system32\ihryinge.ini Has been deleted!

Attempting to delete C:\windows\system32\ilgflucx.dll
C:\windows\system32\ilgflucx.dll Has been deleted!

Attempting to delete C:\windows\system32\ixafvnpt.ini
C:\windows\system32\ixafvnpt.ini Has been deleted!

Attempting to delete C:\windows\system32\jcdoypqu.dll
C:\windows\system32\jcdoypqu.dll Has been deleted!

Attempting to delete C:\windows\system32\jwrveitb.dll
C:\windows\system32\jwrveitb.dll Has been deleted!

Attempting to delete C:\windows\system32\koocncoc.ini
C:\windows\system32\koocncoc.ini Has been deleted!

Attempting to delete C:\windows\system32\ncubckmy.dll
C:\windows\system32\ncubckmy.dll Has been deleted!

Attempting to delete C:\windows\system32\ndvscpuq.dll
C:\windows\system32\ndvscpuq.dll Has been deleted!

Attempting to delete C:\windows\system32\owygcbsx.dll
C:\windows\system32\owygcbsx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\pmnlk.dll Has been deleted!

Attempting to delete C:\windows\system32\qupcsvdn.ini
C:\windows\system32\qupcsvdn.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxxfyebf.dll
C:\WINDOWS\system32\qxxfyebf.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpppq.dll
C:\windows\system32\ssqpppq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tmp3654.tmp.dll
C:\WINDOWS\system32\tmp3654.tmp.dll Has been deleted!

Attempting to delete C:\windows\system32\tpnvfaxi.dll
C:\windows\system32\tpnvfaxi.dll Has been deleted!

Attempting to delete C:\windows\system32\uqpyodcj.ini
C:\windows\system32\uqpyodcj.ini Has been deleted!

Attempting to delete C:\windows\system32\xculfgli.ini
C:\windows\system32\xculfgli.ini Has been deleted!

Attempting to delete C:\windows\system32\xsbcgywo.ini
C:\windows\system32\xsbcgywo.ini Has been deleted!

Attempting to delete C:\windows\system32\yfjejpwg.ini
C:\windows\system32\yfjejpwg.ini Has been deleted!

Attempting to delete C:\windows\system32\ymkcbucn.ini
C:\windows\system32\ymkcbucn.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:27:10 PM 9/2/2007

Listing files found while scanning....

C:\windows\system32\ssqpppq.dll

Beginning removal...

Attempting to delete C:\windows\system32\ssqpppq.dll
C:\windows\system32\ssqpppq.dll Could not be deleted.

Performing Repairs to the registry.
Done!



Response Number 5
Name: jabuck
Date: September 2, 2007 at 20:05:02 Pacific
Subject: Icons missing on desktop
Reply:
Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.



Response Number 6
Name: tglass221
Date: September 2, 2007 at 20:33:10 Pacific
Subject: Icons missing on desktop
Reply:
Here is the ComboFix log:
ComboFix 07-08-30.3 - "Teddi Glass" 2007-09-02 23:16:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.651 [GMT -4:00]
* Created a new restore point

ADS removed - svchost.exe: deleted 51712 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\TEDDIG~1\APPLIC~1.\Ultimate Cleaner\settings.dat
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp11F8.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp12B0.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp12B1.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp12B6.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp12B8.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp12E0.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp19C7.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp19C8.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp19C9.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp19CA.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp19CF.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp1FED.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp3612.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp3613.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp364F.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp3650.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp3654.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8CE.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D4.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D5.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D7.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D8.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D9.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpAAC.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpAAE.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpB95.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpB97.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpC8B.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpC8F.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpC90.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpCB7.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpCB8.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\tmpCBD.tmp.exe
C:\DOCUME~1\TEDDIG~1\APPLIC~1\Ultimate Cleaner
C:\DOCUME~1\TEDDIG~1\Desktop\Find Spyware Remover.lnk
C:\DOCUME~1\TEDDIG~1\Desktop\Free Online Dating.lnk
C:\DOCUME~1\TEDDIG~1\Desktop\Go to Casino.lnk
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\ecurit~1
C:\Program Files\inetget2
C:\Program Files\Magicantispy
C:\Program Files\Magicantispy\Magicantispy.exe
C:\Program Files\Magicantispy\Magicantispy.lic
C:\Program Files\Magicantispy\Magicantispy0.my
C:\Program Files\Magicantispy\Magicantispy1.my
C:\Program Files\Magicantispy\Uninstall.exe
C:\Program Files\network monitor
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\winpop
C:\WINDOWS\avp.exe
C:\WINDOWS\awwuur.dll
C:\WINDOWS\b104.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\bcfhii.ini
C:\WINDOWS\byyaxw.dll
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\iihfcb.dll
C:\WINDOWS\lnponn.ini
C:\WINDOWS\mgrs.exe
C:\WINDOWS\nnopnl.dll
C:\WINDOWS\oporss.ini
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~1\??pPatch\
C:\WINDOWS\prssut.ini
C:\WINDOWS\ruuwwa.ini
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\ssropo.dll
C:\WINDOWS\stvvut.ini
C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\agjlxjgm.exe
C:\WINDOWS\system32\awvvu.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bxjia.dll
C:\WINDOWS\system32\cpfhuiwa.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\drvtal.dll
C:\WINDOWS\system32\duoywgen.exe
C:\WINDOWS\system32\dvdecp.dll
C:\WINDOWS\system32\fadiamuq.dll
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\gyqycaxn.exe
C:\WINDOWS\system32\hgghgdb.dll
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\hwpwdrjc.exe
C:\WINDOWS\system32\kldpiimu.ini
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\klnmp.tmp
C:\WINDOWS\system32\ktuehohs.exe
C:\WINDOWS\system32\nvfmuhfr.ini
C:\WINDOWS\system32\oxqoanqr.exe
C:\WINDOWS\system32\pbgaelxa.exe
C:\WINDOWS\system32\pdudufqw.ini
C:\WINDOWS\system32\qumaidaf.ini
C:\WINDOWS\system32\qxviflvb.exe
C:\WINDOWS\system32\rfhumfvn.dll
C:\WINDOWS\system32\ssqopnk.dll
C:\WINDOWS\system32\ssqpppq.dll
C:\WINDOWS\system32\tcrkncyp.exe
C:\WINDOWS\system32\tmp12B6.tmp.dll
C:\WINDOWS\system32\tmp12E0.tmp.dll
C:\WINDOWS\system32\tmp19CF.tmp.dll
C:\WINDOWS\system32\tmp1A.tmp.dll
C:\WINDOWS\system32\tmp1FED.tmp.dll
C:\WINDOWS\system32\tmp2D.tmp.dll
C:\WINDOWS\system32\tmp43.tmp.dll
C:\WINDOWS\system32\tmp48.tmp.dll
C:\WINDOWS\system32\tmp8D8.tmp.dll
C:\WINDOWS\system32\tmp8D9.tmp.dll
C:\WINDOWS\system32\tmpB6C.tmp.dll
C:\WINDOWS\system32\tmpC7A.tmp.dll
C:\WINDOWS\system32\tmpCBC.tmp.dll
C:\WINDOWS\system32\tmpCBD.tmp.dll
C:\WINDOWS\system32\umiipdlk.dll
C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\winepi32.dll
C:\WINDOWS\system32\winzoa32.dll
C:\WINDOWS\system32\wqfududp.dll
C:\WINDOWS\system32\zzhwdi.dll
C:\WINDOWS\tsks~1
C:\WINDOWS\tsks~1\w?nspool.exe
C:\WINDOWS\tussrp.dll
C:\WINDOWS\tuvvts.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_ICF
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\DomainService
-------\Network Monitor
-------\nm
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))


2007-09-02 23:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 22:19 <DIR> d-------- C:\VundoFix Backups
2007-09-02 22:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-29 07:05 102,400 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\vctixalu.dll
2007-08-29 07:05 <DIR> d-------- C:\WINDOWS\system32\wdqpokti
2007-08-29 07:05 <DIR> d-------- C:\Program Files\Xqnttnvb
2007-08-29 07:05 <DIR> d-------- C:\Program Files\lqbmdkpe
2007-08-29 07:04 93,696 --a------ C:\WINDOWS\system32\drvtox.dll
2007-08-29 07:04 15,360 --a------ C:\WINDOWS\system32\drvtoxr.dll
2007-08-28 20:26 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-28 20:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-28 20:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-27 17:43 94,208 --a------ C:\WINDOWS\system32\MailSpectre.exe
2007-08-27 17:43 18,176 --a------ C:\WINDOWS\system32\drivers\smtpdrv.sys
2007-08-22 07:00 15,360 --a------ C:\WINDOWS\system32\drvtalr.dll
2007-08-22 06:56 69,689 --a------ C:\Program Files\setup.exe
2007-08-21 11:20 6,657 --a------ C:\WINDOWS\system32\Ddihid32.dll
2007-08-20 01:53 1,201,356 --a------ C:\WINDOWS\system32\dnd0dbdea4.dat
2007-08-19 23:48 94,713 --a------ C:\WINDOWS\system32\biosave.dll
2007-08-15 17:04 492,544 --a------ C:\WINDOWS\system32\HtBt.dll
2007-08-14 19:11 514,560 --a------ C:\WINDOWS\system32\GE.dll
2007-08-14 19:11 <DIR> d-------- C:\Program Files\SoftPortal
2007-08-14 18:47 348,845 --a------ C:\WINDOWS\system32\head.exe
2007-08-14 12:21 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-13 22:27 <DIR> d--hs---- C:\WINDOWS\VGVkZGkgR2xhc3M
2007-08-13 22:27 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-11 20:14 <DIR> d-------- C:\Program Files\MySpace
2007-08-11 11:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-27 2rogram Files\Google
2007-08-27 2OCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-27 2OCUME~1\TEDDIG~1\APPLIC~1\Lavasoft
2007-08-26 2rogram Files\AIM
2007-08-26 2rogram Files\Common Files\AOL
2007-08-26 2OCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-26 2rogram Files\Common Files\aolshare
2007-08-24 2rogram Files\InstallShield Installation Information
2007-08-24 2rogram Files\Strategic Design
2007-08-21 1rogram Files\Yahoo!
2007-08-21 1rogram Files\SimTheme Park
2007-08-21 1rogram Files\GameHouse
2007-08-21 1rogram Files\Rack Em Up Roadtrip
2007-08-21 1rogram Files\Oberon Media
2007-08-21 1rogram Files\Ice Cream Tycoon
2007-08-21 1rogram Files\Five Card Deluxe
2007-08-21 11:19 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-08-21 11:19 14336 --a------ C:\WINDOWS\system32\dllcache\svchost.exe
2007-08-11 11:41 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-18 2OCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-11 0OCUME~1\TEDDIG~1\APPLIC~1\AdobeUM
2007-06-26 11:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 04:27 363520 --a------ C:\WINDOWS\system32\dllcache\w3svc.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 14:09 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 14:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 10:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-10 00:30 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\VGVkZGkgR2xhc3M\p3p4t340lZU1wag.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18D8C6D8-E64A-470F-99A7-B78EBCF25A3F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24CBFE2B-8563-4A91-BA8A-C0AC9761923B}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}]
2007-08-29 07:05 102400 --a------ C:\Program Files\Xqnttnvb\itdmbzff.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91FE2F43-BBC2-4083-9FCF-D0F39F7BDB7D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF3446E8-FC32-4E55-9C56-0B8DA015FC10}]
2007-08-15 01:02 514560 --a------ C:\WINDOWS\system32\GE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 22:05]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-21 11:46]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"DellHelp"="C:\Dell\DellHelp\DellHelp.exe" [2004-04-01 16:51]
"SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-13 01:46]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 22:29]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11:06]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"qvovcnqx"="C:\Program Files\lqbmdkpe\vszyzqne.dll" [2007-08-29 07:05]
"vctixalu"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\vctixalu.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 20:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\ETHANG~1\STARTM~1\Programs\Startup\
PowerReg Scheduler V3.exe [2006-11-22 14:05:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ddihid32.dll [2007-08-21 11:20 6657]
"milxOF"= {D0DBDEA5-7A71-740F-8DC7-ED5AB203F224} - C:\WINDOWS\system32\oq.dll [2006-08-21 11:20 14848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\biosave]
biosave.dll 2007-08-19 23:48 94713 C:\WINDOWS\system32\biosave.dll

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R1 smtpdrv;smtpdrv;C:\WINDOWS\system32\DRIVERS\smtpdrv.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys


Contents of the 'Scheduled Tasks' folder
2007-08-20 19:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 23:27:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 23:29:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 23:29

--- E O F ---



Response Number 7
Name: jabuck
Date: September 2, 2007 at 21:16:49 Pacific
Subject: Icons missing on desktop
Reply:
Go to this link, http://virusscan.jotti.org/, copy the following files one at a time into the "upload and scan box", click submit, then post the results.

C:\WINDOWS\system32\oq.dll

C:\WINDOWS\VGVkZGkgR2xhc3M\p3p4t340lZU1wag.vbs

C:\WINDOWS\system32\Ddihid32.dll

Please download “Avenger” by swandog46 to your desktop from this link http://swandog46.geekstogo.com/avenger.zip

1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Files to delete:
C:\Program Files\lqbmdkpe\vszyzqne.dll
C:\Program Files\Xqnttnvb\itdmbzff.dll
C:\windows\system32\ssqppq.dll
C:\Documents and Settings\All Users\Application Data\vctixalu.dll

Folders to delete:
C:\Program Files\lqbmdkpe
C:\Program Files\Xqnttnvb
C:\WINDOWS\system32\wdqpokti
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Please run Notepad and copy the following text into a new file. Go to start>run, type notepad, then press enter. Copy/paste everything between the X's into notepad:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sc stop DomainService
sc stop "Network Monitor"

sc delete DomainService
sc delete "Network Monitor"
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Click "file" then click "save as" then click the blue drop down arrow on the right and double click "all files". In the "file name" box type remove.bat then in the "save in" box select desktop. Next click save. You should now have a file "remove.bat" on your desktop.

Double-click on the file remove.bat; a small DOS-type window should open and close immediately.

Post a new Hijack This log please and the info requested above.



Response Number 8
Name: tglass221
Date: September 3, 2007 at 08:44:29 Pacific
Subject: Icons missing on desktop
Reply:
It is taking quite a long time to get the first part of this done. The server at this website is extremely busy. I'll get back with you as soon as I can get these files scanned. Thanks.


Response Number 9
Name: tglass221
Date: September 3, 2007 at 10:00:12 Pacific
Subject: Icons missing on desktop
Reply:
I can't seem to get the first part of this done because of the server being busy. Should I go ahead and do the next steps and keep trying the first step?


Response Number 10
Name: jabuck
Date: September 3, 2007 at 10:15:02 Pacific
Subject: Icons missing on desktop
Reply:
Yes, do the steps and post the new hijack this log.



Response Number 11
Name: tglass221
Date: September 3, 2007 at 10:44:50 Pacific
Subject: Icons missing on desktop
Reply:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\eqxbvppo

*******************

Script file located at: \??\C:\WINDOWS\ichwudcp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Program Files\lqbmdkpe\vszyzqne.dll deleted successfully.
File C:\Program Files\Xqnttnvb\itdmbzff.dll deleted successfully.


File C:\windows\system32\ssqppq.dll not found!
Deletion of file C:\windows\system32\ssqppq.dll failed!

Could not process line:
C:\windows\system32\ssqppq.dll
Status: 0xc0000034

File C:\Documents and Settings\All Users\Application Data\vctixalu.dll deleted successfully.
Folder C:\Program Files\lqbmdkpe deleted successfully.
Folder C:\Program Files\Xqnttnvb deleted successfully.
Folder C:\WINDOWS\system32\wdqpokti deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Response Number 12
Name: tglass221
Date: September 3, 2007 at 10:53:51 Pacific
Subject: Icons missing on desktop
Reply:
From HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:22 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18D8C6D8-E64A-470F-99A7-B78EBCF25A3F} - (no file)
O2 - BHO: (no name) - {24CBFE2B-8563-4A91-BA8A-C0AC9761923B} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Xqnttnvb\itdmbzff.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {91FE2F43-BBC2-4083-9FCF-D0F39F7BDB7D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [qvovcnqx] rundll32.exe "C:\Program Files\lqbmdkpe\vszyzqne.dll",Init
O4 - HKLM\..\Run: [vctixalu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vctixalu.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/open... (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccomm...
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v1...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v1...
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/de...
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photolabstore.lifepics.com/n...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v1...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06...
O20 - Winlogon Notify: biosave - C:\WINDOWS\SYSTEM32\biosave.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ddihid32.dll
O21 - SSODL: milxOF - {D0DBDEA5-7A71-740F-8DC7-ED5AB203F224} - C:\WINDOWS\system32\oq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9721 bytes



Response Number 13
Name: jabuck
Date: September 3, 2007 at 11:37:33 Pacific
Subject: Icons missing on desktop
Reply:
Try the online file scanner at this link Virustotal and check the following files:

C:\WINDOWS\system32\oq.dll

C:\WINDOWS\VGVkZGkgR2xhc3M\p3p4t340lZU1wag.vbs

C:\WINDOWS\system32\Ddihid32.dll

C:\WINDOWS\SYSTEM32\biosave.dll

Then post the results.




Response Number 14
Name: tglass221
Date: September 3, 2007 at 13:07:33 Pacific
Subject: Icons missing on desktop
Reply:
File p3p4t340lZU1wag.vbs received on 09.03.2007 21:57:58 (CET)


Result: 12/31 (38.71%)

Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.03 -
AntiVir 7.4.1.66 2007.09.03 ADSPY/Isearch
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.03 -
AVG 7.5.0.485 2007.09.03 -
BitDefender 7.2 2007.09.03 Adware.Isearch.D
CAT-QuickHeal 9.00 2007.09.03 -
ClamAV 0.91.2 2007.09.03 -
DrWeb 4.33 2007.09.03 -
eSafe 7.0.15.0 2007.09.03 Spyware.Gen
eTrust-Vet 31.1.5105 2007.09.03 -
Ewido 4.0 2007.09.03 Trojan.Small
FileAdvisor 1 2007.09.03 -
Fortinet 3.11.0.0 2007.09.03 Adware/Isearch
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.03 -
Ikarus T3.1.1.12 2007.09.03 -
Kaspersky 4.0.2.24 2007.09.03 -
McAfee 5111 2007.09.03 potentially unwanted program Adware-Isearch
Microsoft 1.2803 2007.09.03 Adware:Win32/CMDService
NOD32v2 2500 2007.09.03 -
Norman 5.80.02 2007.09.03 VBS/CommAd.A
Panda 9.0.0.4 2007.09.03 Adware/CommAd
Prevx1 V2 2007.09.03 Generic.Malware
Rising 19.39.02.00 2007.09.03 -
Sophos 4.21.0 2007.09.03 CommAd
Sunbelt 2.2.907.0 2007.08.31 -
TheHacker 6.1.9.175 2007.09.02 -
VBA32 3.12.2.3 2007.09.03 -
VirusBuster 4.3.26:9 2007.09.03 -
Webwasher-Gateway 6.0.1 2007.09.03 Ad-Spyware.Isearch
Additional information
File size: 472 bytes
MD5: 387edbb90a5275d1b464eb31f3162c40
SHA1: 40c7e89572e2bee9f8bd24a0163c500205d0cfb8
Prevx info: http://fileinfo.prevx.com/fileinfo....


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



Response Number 15
Name: tglass221
Date: September 3, 2007 at 13:22:49 Pacific
Subject: Icons missing on desktop
Reply:
File Ddihid32.dll received on 09.03.2007 22:08:41 (CET)


Result: 27/31 (87.1%)

Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.03 Win-Trojan/Padodor.6657.I
AntiVir 7.4.1.66 2007.09.03 BDS/Padodor.SA
Authentium 4.93.8 2007.09.02 W32/Berbew.R
Avast 4.7.1029.0 2007.09.03 Win32:Trojan-gen. {Other}
AVG 7.5.0.485 2007.09.03 BackDoor.Generic.GFQ
BitDefender 7.2 2007.09.03 Backdoor.Padodor.G1
CAT-QuickHeal 9.00 2007.09.03 Backdoor.Padodor.gen
ClamAV 0.91.2 2007.09.03 Trojan.Padodor-7
DrWeb 4.33 2007.09.03 BackDoor.HangUp.27
eSafe 7.0.15.0 2007.09.03 -
eTrust-Vet 31.1.5105 2007.09.03 Win32/Jeeber.A
Ewido 4.0 2007.09.03 Backdoor.Padodor
FileAdvisor 1 2007.09.03 -
Fortinet 3.11.0.0 2007.09.03 W32/Padodor.A!tr.bdr
F-Prot 4.3.2.48 2007.09.02 W32/Berbew.R
F-Secure 6.70.13030.0 2007.09.03 Backdoor.Win32.Padodor.gen
Ikarus T3.1.1.12 2007.09.03 Backdoor.Win32.Padodor
Kaspersky 4.0.2.24 2007.09.03 Backdoor.Win32.Padodor.gen
McAfee 5111 2007.09.03 BackDoor-AXJ.dll.gen
Microsoft 1.2803 2007.09.03 Backdoor:Win32/Berbew.AZ
NOD32v2 2500 2007.09.03 Win32/Padodor.AX
Norman 5.80.02 2007.09.03 -
Panda 9.0.0.4 2007.09.03 Bck/Webber.BF
Prevx1 V2 2007.09.03 Generic.Malware
Rising 19.39.02.00 2007.09.03 Backdoor.Padodor.aw
Sophos 4.21.0 2007.09.03 Troj/Proxma-A
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.03 Backdoor.Berbew.T
TheHacker 6.1.9.175 2007.09.02 Backdoor/Padodor.gen
VBA32 3.12.2.3 2007.09.03 Backdoor.Win32.Padodor.gen
VirusBuster 4.3.26:9 2007.09.03 Backdoor.Padodor.BL
Additional information
File size: 6657 bytes
MD5: c1010b3c6a03c903fa01c3faca14c257
SHA1: d1e422b09771ae2eda1be5d79c27c433bb296150
Prevx info: http://fileinfo.prevx.com/fileinfo....





Response Number 16
Name: tglass221
Date: September 3, 2007 at 13:29:34 Pacific
Subject: Icons missing on desktop
Reply:
File biosave.dll received on 09.03.2007 22:24:07 (CET)


Result: 19/32 (59.38%)

Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.03 -
AntiVir 7.4.1.66 2007.09.03 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.09.02 W32/Downldr2.QME
Avast 4.7.1029.0 2007.09.03 -
AVG 7.5.0.485 2007.09.03 Obfustat.ITY
BitDefender 7.2 2007.09.03 -
CAT-QuickHeal 9.00 2007.09.03 -
ClamAV 0.91.2 2007.09.03 -
DrWeb 4.33 2007.09.03 Trojan.Virtumod
eSafe 7.0.15.0 2007.09.03 Win32.ConHook.bg
eTrust-Vet 31.1.5105 2007.09.03 -
Ewido 4.0 2007.09.03 -
FileAdvisor 1 2007.09.03 -
Fortinet 3.11.0.0 2007.09.03 W32/ConHook.BG!tr.dldr
F-Prot 4.3.2.48 2007.09.02 W32/Downldr2.QME
F-Secure 6.70.13030.0 2007.09.03 Trojan-Downloader.Win32.ConHook.bg
Ikarus T3.1.1.12 2007.09.03 MemScanTrojan.Juan.V
Kaspersky 4.0.2.24 2007.09.03 Trojan-Downloader.Win32.ConHook.bg
McAfee 5111 2007.09.03 -
Microsoft 1.2803 2007.09.03 Trojan:Win32/ConHook.B
NOD32v2 2500 2007.09.03 -
Norman 5.80.02 2007.09.03 W32/ConHook.DW
Panda 9.0.0.4 2007.09.03 Suspicious file
Prevx1 V2 2007.09.03 SpywareQuake
Rising 19.39.02.00 2007.09.03 -
Sophos 4.21.0 2007.09.03 Mal/Generic-A
Sunbelt 2.2.907.0 2007.08.31 Trojan-Downloader.Win32.ConHook.gen
Symantec 10 2007.09.03 Trojan Horse
TheHacker 6.1.9.175 2007.09.02 -
VBA32 3.12.2.3 2007.09.03 -
VirusBuster 4.3.26:9 2007.09.03 Packed/RLPack
Webwasher-Gateway 6.0.1 2007.09.03 Trojan.Dldr.ConHook.Gen
Additional information
File size: 94713 bytes
MD5: d57b1f401608c59d2c05275886382184
SHA1: a7320a182bfc187905fd1859c455955dc8aa356e
Prevx info: http://fileinfo.prevx.com/fileinfo....
Sunbelt info: Trojan-Downloader.Win32.ConHook.gen is a program that contacts remote websites, then downloads and executes additional malware in the infected machine.





Response Number 17
Name: tglass221
Date: September 3, 2007 at 13:33:21 Pacific
Subject: Icons missing on desktop
Reply:
When I try to have the file:
C:\WINDOWS\system32\oq.dll
scanned, every time I'm thrown to a "cannot find server" page. I'll try to keep having this file scanned, but it seems I may not be able to.
Thanks



Response Number 18
Name: jabuck
Date: September 3, 2007 at 14:18:13 Pacific
Subject: Icons missing on desktop
Reply:
Run the code between the X's in Avenger.


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to delete:
C:\WINDOWS\system32\oq.dll
C:\WINDOWS\VGVkZGkgR2xhc3M\p3p4t340lZU1wag.vbs
C:\WINDOWS\system32\Ddihid32.dll
C:\WINDOWS\SYSTEM32\biosave.dll
C:\WINDOWS\system32\GE.dll
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe


Folders to delete:
C:\WINDOWS\VGVkZGkgR2xhc3M
C:\Program Files\RXToolBar

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Please download ATF-Cleaner to your desktop from this link: http://www.atribune.org/content/view/19/2/
We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {18D8C6D8-E64A-470F-99A7-B78EBCF25A3F} - (no file)

O2 - BHO: (no name) - {24CBFE2B-8563-4A91-BA8A-C0AC9761923B} - C:\WINDOWS\system32\pmnlk.dll (file missing)

O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Xqnttnvb\itdmbzff.dll (file missing)

O2 - BHO: (no name) - {91FE2F43-BBC2-4083-9FCF-D0F39F7BDB7D} - (no file)

O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll

O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [qvovcnqx] rundll32.exe "C:\Program Files\lqbmdkpe\vszyzqne.dll",Init

O4 - HKLM\..\Run: [vctixalu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vctixalu.dll"

O20 - Winlogon Notify: biosave - C:\WINDOWS\SYSTEM32\biosave.dll

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ddihid32.dll

O21 - SSODL: milxOF - {D0DBDEA5-7A71-740F-8DC7-ED5AB203F224} - C:\WINDOWS\system32\oq.dll

Exit Hijack This


Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG log and a new Hijack This log.

Your Java is out of date. Download the latest version from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_2-windowsi586-p.exe to install the newest version.
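As an added example (not part of this thread, and not HijackThis's own code), here is a small Python triage script that parses the O2/O4/O20/O21/O23 line formats seen in the logs above and applies mechanically the kinds of checks the helper applied by eye when building the fix list: orphaned entries, unnamed BHOs, Run values that load a DLL through rundll32/regsvr32, logon-time persistence points, and random-looking names. The sample lines are copied in shape from the posted log; the heuristics and flag wording are our assumptions, meant as a triage aid rather than a verdict.

```python
"""Triage helper for HijackThis v2 log lines (O2, O4, O20, O21, O23).

Added example; the parsing and the flag heuristics are ours, not HijackThis's.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied in shape from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18D8C6D8-E64A-470F-99A7-B78EBCF25A3F} - (no file)
O2 - BHO: (no name) - {24CBFE2B-8563-4A91-BA8A-C0AC9761923B} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {EF3446E8-FC32-4E55-9C56-0B8DA015FC10} - C:\WINDOWS\system32\GE.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [qvovcnqx] rundll32.exe "C:\Program Files\lqbmdkpe\vszyzqne.dll",Init
O4 - HKLM\..\Run: [vctixalu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vctixalu.dll"
O20 - Winlogon Notify: biosave - C:\WINDOWS\SYSTEM32\biosave.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Ddihid32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""


@dataclass
class Entry:
    section: str                  # O2, O4, O20, O21 or O23
    name: str                     # BHO / Run value / service name as HijackThis prints it
    clsid: str                    # {GUID} for O2 and O21, otherwise ""
    target: str                   # file path or command line
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for line types we do not handle."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    if section == "O4":
        # O4 - HKLM\..\Run: [valuename] command line
        m4 = re.match(r"^[^:]+: \[([^\]]*)\] (.*)$", rest)
        return Entry(section, m4.group(1), "", m4.group(2)) if m4 else None
    body = rest.partition(": ")[2]          # drop the "BHO: " / "SSODL: " prefix
    parts = body.split(" - ")
    if section in ("O2", "O21") and len(parts) >= 3:
        return Entry(section, parts[0], parts[1], " - ".join(parts[2:]))
    if section in ("O20", "O23") and len(parts) >= 2:
        return Entry(section, parts[0], "", parts[-1])
    return None


def looks_random(word: str) -> bool:
    """Heuristic: five or more consonants in a row (lqbmdkpe, pmnlk, Xqnttnvb)
    is typical of generated names; some legitimate abbreviations trip it too."""
    run = longest = 0
    for c in word.lower():
        if c.isalpha() and c not in "aeiou":
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return longest >= 5


def assess(e: Entry) -> Entry:
    """Attach triage flags to an entry; the entry is returned for chaining."""
    if "(no file)" in e.target or "(file missing)" in e.target:
        e.flags.append("orphaned entry: referenced file is absent")
    if e.section == "O2" and e.name == "(no name)":
        e.flags.append("BHO registered without a name")
    if e.section == "O4" and re.match(r"(?i)^(rundll32|regsvr32)(\.exe)?\b", e.target):
        e.flags.append("Run value loads a DLL via rundll32/regsvr32 rather than a program")
    if e.section in ("O20", "O21"):
        e.flags.append("Winlogon Notify / SSODL: DLL loaded at every logon, verify its hash")
    odd = sorted({w for w in re.findall(r"[A-Za-z]+", e.name + " " + e.target) if looks_random(w)})
    if odd:
        e.flags.append("random-looking name(s): " + ", ".join(odd))
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line of a log and flag it."""
    entries = (parse_line(ln) for ln in log_text.splitlines())
    return [assess(e) for e in entries if e is not None]


def report(entries: List[Entry]) -> str:
    lines = []
    for e in entries:
        status = "; ".join(e.flags) if e.flags else "nothing unusual"
        lines.append(f"{e.section:<4}{(e.clsid or e.name):<40} {status}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, the four entries jabuck left alone (Acrobat, AAWTray, the Ad-Aware service) come back clean while the BHO, Run, Winlogon Notify and SSODL entries on his fix list are each flagged with a reason.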



Response Number 19
Name: tglass221
Date: September 3, 2007 at 15:11:22 Pacific
Subject: Icons missing on desktop
Reply:
Working on the other items.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aidnjsuu

*******************

Script file located at: \??\C:\xbhjsmev.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\oq.dll deleted successfully.
File C:\WINDOWS\VGVkZGkgR2xhc3M\p3p4t340lZU1wag.vbs deleted successfully.
File C:\WINDOWS\system32\Ddihid32.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\biosave.dll deleted successfully.
File C:\WINDOWS\system32\GE.dll deleted successfully.


Could not open file C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe for deletion
Deletion of file C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe failed!

Could not process line:
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
Status: 0xc000003a

Folder C:\WINDOWS\VGVkZGkgR2xhc3M deleted successfully.


Folder C:\Program Files\RXToolBar not found!
Deletion of folder C:\Program Files\RXToolBar failed!

Could not process line:
C:\Program Files\RXToolBar
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



Response Number 20
Name: tglass221
Date: September 3, 2007 at 18:20:04 Pacific
Subject: Icons missing on desktop
Reply:
I can't seem to find the last log for HijackThis.

I've deleted the old Java and downloaded the new one.

Here is the AVG:

Trojan horse Generic6.MFW C:\1980575953 9/3/2007 18:56 1980575953 23 KB
Trojan horse Downloader.Generic5.KOU C:\19E2.tmp 9/3/2007 18:56 19E2.tmp 8.57 KB
Trojan horse Downloader.Generic5.KOU C:\1A01.tmp 9/3/2007 18:56 1A01.tmp 8.57 KB
Virus identified Obfustat.IWV C:\263988031 9/3/2007 18:56 263988031 117.91 KB
Virus identified Obfustat.ESF C:\2B.tmp 9/3/2007 18:56 2B.tmp 16.13 KB
Trojan horse Downloader.Zlob.OEQ C:\avenger\backup-Mon 09.03.2007-18.07.59.17.zip 9/3/2007 18:56 backup-Mon 09.03.2007-18.07.59.17.zip 608 KB
Virus identified Obfustat.ITY C:\avenger\backup.zip 9/3/2007 18:56 backup.zip 367.56 KB
Trojan horse Lop.CV C:\qoobox\Quarantine\catchme2007-09-02_232703.06.zip 9/3/2007 20:12 catchme2007-09-02_232703.06.zip 558.48 KB
Trojan horse BHO.ATH C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp12B6.tmp.exe.vir 9/3/2007 20:12 tmp12B6.tmp.exe.vir 77.73 KB
Trojan horse BHO.ATH C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp12E0.tmp.exe.vir 9/3/2007 20:12 tmp12E0.tmp.exe.vir 77.73 KB
Trojan horse BHO.AUG C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp19CF.tmp.exe.vir 9/3/2007 20:12 tmp19CF.tmp.exe.vir 77.74 KB
Trojan horse BHO.AUT C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp1FED.tmp.exe.vir 9/3/2007 20:12 tmp1FED.tmp.exe.vir 77.55 KB
Trojan horse BHO.AVG C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp3654.tmp.exe.vir 9/3/2007 20:12 tmp3654.tmp.exe.vir 77.57 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D5.tmp.exe.vir 9/3/2007 20:12 tmp8D5.tmp.exe.vir 54 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D7.tmp.exe.vir 9/3/2007 20:12 tmp8D7.tmp.exe.vir 54 KB
Trojan horse BHO.ARL C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D8.tmp.exe.vir 9/3/2007 20:12 tmp8D8.tmp.exe.vir 77.78 KB
Trojan horse BHO.ARL C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmp8D9.tmp.exe.vir 9/3/2007 20:12 tmp8D9.tmp.exe.vir 77.78 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmpAAC.tmp.exe.vir 9/3/2007 20:12 tmpAAC.tmp.exe.vir 54 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmpAAE.tmp.exe.vir 9/3/2007 20:12 tmpAAE.tmp.exe.vir 54 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmpB95.tmp.exe.vir 9/3/2007 20:12 tmpB95.tmp.exe.vir 54 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmpB97.tmp.exe.vir 9/3/2007 20:12 tmpB97.tmp.exe.vir 54 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmpC8F.tmp.exe.vir 9/3/2007 20:12 tmpC8F.tmp.exe.vir 54 KB
Trojan horse BackDoor.Generic8.BIY C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmpC90.tmp.exe.vir 9/3/2007 20:12 tmpC90.tmp.exe.vir 54 KB
Trojan horse BHO.ATH C:\qoobox\Quarantine\C\DOCUME~1\TEDDIG~1\APPLIC~1\tmpCBD.tmp.exe.vir 9/3/2007 20:12 tmpCBD.tmp.exe.vir 77.73 KB
Trojan horse Downloader.Generic4.IQO C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir 9/3/2007 20:12 Yazzle1162OinAdmin.exe.vir 143 KB
Trojan horse BackDoor.Agent.KTB C:\qoobox\Quarantine\C\WINDOWS\avp.exe.vir 9/3/2007 20:12 avp.exe.vir 20.5 KB
Trojan horse Downloader.Agent.ROW C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir 9/3/2007 20:12 b138.exe.vir 21.5 KB
Trojan horse BackDoor.Agent.KVY C:\qoobox\Quarantine\C\WINDOWS\mgrs.exe.vir 9/3/2007 20:12 mgrs.exe.vir 11.5 KB
Trojan horse Dialer.LKS C:\qoobox\Quarantine\C\WINDOWS\system32\drvtal.dll.vir 9/3/2007 20:12 drvtal.dll.vir 94 KB
Trojan horse Downloader.Small.OY C:\qoobox\Quarantine\C\WINDOWS\system32\hlpsrv.exe.vir 9/3/2007 20:12 hlpsrv.exe.vir 10 KB
Virus identified Obfustat.ESQ C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpppq.dll.vir 9/3/2007 20:12 ssqpppq.dll.vir 13 KB
Trojan horse BHO.AUX C:\qoobox\Quarantine\C\WINDOWS\system32\tmp12B6.tmp.dll.vir 9/3/2007 20:12 tmp12B6.tmp.dll.vir 63.2 KB
Trojan horse BHO.AUX C:\qoobox\Quarantine\C\WINDOWS\system32\tmp12E0.tmp.dll.vir 9/3/2007 20:12 tmp12E0.tmp.dll.vir 63.2 KB
Trojan horse BHO.AQO C:\qoobox\Quarantine\C\WINDOWS\system32\tmp1A.tmp.dll.vir 9/3/2007 20:12 tmp1A.tmp.dll.vir 63 KB
Trojan horse BHO.AQO C:\qoobox\Quarantine\C\WINDOWS\system32\tmp2D.tmp.dll.vir 9/3/2007 20:12 tmp2D.tmp.dll.vir 63 KB
Trojan horse BHO.AQO C:\qoobox\Quarantine\C\WINDOWS\system32\tmp43.tmp.dll.vir 9/3/2007 20:12 tmp43.tmp.dll.vir 63 KB
Trojan horse BHO.AQO C:\qoobox\Quarantine\C\WINDOWS\system32\tmp48.tmp.dll.vir 9/3/2007 20:12 tmp48.tmp.dll.vir 63 KB
Trojan horse BHO.AUP C:\qoobox\Quarantine\C\WINDOWS\system32\tmp8D8.tmp.dll.vir 9/3/2007 20:12 tmp8D8.tmp.dll.vir 63.13 KB
Trojan horse BHO.AUP C:\qoobox\Quarantine\C\WINDOWS\system32\tmp8D9.tmp.dll.vir 9/3/2007 20:12 tmp8D9.tmp.dll.vir 63.13 KB
Trojan horse BHO.ARF C:\qoobox\Quarantine\C\WINDOWS\system32\tmpB6C.tmp.dll.vir 9/3/2007 20:12 tmpB6C.tmp.dll.vir 63 KB
Trojan horse BHO.ARF C:\qoobox\Quarantine\C\WINDOWS\system32\tmpC7A.tmp.dll.vir 9/3/2007 20:12 tmpC7A.tmp.dll.vir 63 KB
Trojan horse BHO.AUN C:\qoobox\Quarantine\C\WINDOWS\system32\tmpCBC.tmp.dll.vir 9/3/2007 20:12 tmpCBC.tmp.dll.vir 63.15 KB
Trojan horse BHO.AUX C:\qoobox\Quarantine\C\WINDOWS\system32\tmpCBD.tmp.dll.vir 9/3/2007 20:12 tmpCBD.tmp.dll.vir 63.2 KB
Trojan horse Dialer.LYA C:\qoobox\Quarantine\C\WINDOWS\system32\winepi32.dll.vir 9/3/2007 20:12 winepi32.dll.vir 20 KB
Trojan horse Dialer.LYA C:\qoobox\Quarantine\C\WINDOWS\system32\winzoa32.dll.vir 9/3/2007 20:12 winzoa32.dll.vir 20 KB
Trojan horse Generic6.NCZ C:\qoobox\Quarantine\C\WINDOWS\system32\zzhwdi.dll.vir 9/3/2007 20:12 zzhwdi.dll.vir 59.5 KB
Trojan horse BackDoor.Generic7.USL C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir 9/3/2007 20:12 ip6fw.sys.vir 28.38 KB
Trojan horse PSW.Generic5.RO C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir 9/3/2007 20:12 runtime2.sys.vir 34.25 KB
Virus identified Obfustat.ESF C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\svchost.exe.vir 9/3/2007 20:12 svchost.exe.vir 16.13 KB
Trojan horse Lop.CV C:\VundoFix Backups\cocncook.dll.bad 9/3/2007 20:12 cocncook.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\egniyrhi.dll.bad 9/3/2007 20:12 egniyrhi.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\eihajhyf.dll.bad 9/3/2007 20:12 eihajhyf.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\gwpjejfy.dll.bad 9/3/2007 20:12 gwpjejfy.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\ilgflucx.dll.bad 9/3/2007 20:12 ilgflucx.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\jcdoypqu.dll.bad 9/3/2007 20:12 jcdoypqu.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\jwrveitb.dll.bad 9/3/2007 20:12 jwrveitb.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\ncubckmy.dll.bad 9/3/2007 20:12 ncubckmy.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\ndvscpuq.dll.bad 9/3/2007 20:12 ndvscpuq.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\owygcbsx.dll.bad 9/3/2007 20:12 owygcbsx.dll.bad 122.56 KB
Trojan horse Lop.CV C:\VundoFix Backups\qxxfyebf.dll.bad 9/3/2007 20:12 qxxfyebf.dll.bad 122.56 KB
Virus identified Obfustat.ESQ C:\VundoFix Backups\ssqpppq.dll.bad 9/3/2007 20:12 ssqpppq.dll.bad 13 KB
Trojan horse Lop.CV C:\VundoFix Backups\tpnvfaxi.dll.bad 9/3/2007 20:12 tpnvfaxi.dll.bad 122.56 KB
Trojan horse Dialer.LVB C:\WINDOWS\system32\drvtox.dll 9/3/2007 20:12 drvtox.dll 91.5 KB
Trojan horse Agent.HCY C:\WINDOWS\system32\MailSpectre.exe 9/3/2007 20:12 MailSpectre.exe 92 KB
Trojan horse SpamTool.AOQ C:\WINDOWS\system32\drivers\smtpdrv.sys 9/3/2007 20:12 smtpdrv.sys 17.75 KB


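A small triage script for AVG result lines like the ones in the post above, added here as an example and not part of the thread or of AVG itself: it parses each line and separates detections that sit inside the cleanup tools' own backup folders (the qoobox, VundoFix Backups and avenger folders named in this thread) from files still live on the system, which is the distinction the helper draws next. The sample lines are constructed from this post.

```python
import re
from collections import namedtuple

# Folders where earlier cleanup tools (ComboFix, VundoFix, The Avenger) parked
# copies of what they removed; detections there are leftovers, not live malware.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine", "c:\\vundofix backups", "c:\\avenger")

# One AVG 7 result line: category, signature, full path, date, time, bare file
# name, size in KB. Path and file name may contain spaces, so both are matched
# non-greedily and pinned by the date and the trailing size.
AVG_LINE = re.compile(
    r"^(?P<category>Trojan horse|Virus identified)\s+"
    r"(?P<name>\S+)\s+"
    r"(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2})\s+"
    r"(?P<file>.+?)\s+"
    r"(?P<size>\d+(?:\.\d+)?)\s+KB$"
)

Detection = namedtuple("Detection", "category name path date time size_kb")


def parse_avg_line(line):
    """Return a Detection for a well-formed AVG result line, else None."""
    m = AVG_LINE.match(line.strip())
    if not m:
        return None
    return Detection(m["category"], m["name"], m["path"], m["date"], m["time"], float(m["size"]))


def parse_avg_log(text):
    """Split a pasted log into parsed detections and the lines that did not parse."""
    detections, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        det = parse_avg_line(line)
        if det:
            detections.append(det)
        else:
            unparsed.append(line)
    return detections, unparsed


def is_quarantined(path):
    """True when the file sits in a cleanup tool's own backup or quarantine folder."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def triage(detections):
    """Separate live detections (act on these) from quarantined leftovers."""
    groups = {"live": [], "quarantined": []}
    for det in detections:
        groups["quarantined" if is_quarantined(det.path) else "live"].append(det)
    return groups


# Constructed sample modelled on the log lines posted above.
SAMPLE_AVG_LOG = r"""Here is the AVG:
Trojan horse Generic6.MFW C:\1980575953 9/3/2007 18:56 1980575953 23 KB
Trojan horse Downloader.Zlob.OEQ C:\avenger\backup-Mon 09.03.2007-18.07.59.17.zip 9/3/2007 18:56 backup-Mon 09.03.2007-18.07.59.17.zip 608 KB
Trojan horse Lop.CV C:\VundoFix Backups\cocncook.dll.bad 9/3/2007 20:12 cocncook.dll.bad 122.56 KB
Virus identified Obfustat.ESQ C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpppq.dll.vir 9/3/2007 20:12 ssqpppq.dll.vir 13 KB
Trojan horse SpamTool.AOQ C:\WINDOWS\system32\drivers\smtpdrv.sys 9/3/2007 20:12 smtpdrv.sys 17.75 KB
"""

if __name__ == "__main__":
    dets, rest = parse_avg_log(SAMPLE_AVG_LOG)
    for label, group in triage(dets).items():
        print(f"{label}: {len(group)}")
        for d in group:
            print(f"  {d.category} {d.name}  {d.path}  ({d.size_kb} KB)")
    print("unparsed:", rest)
```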

Response Number 21
Name: jabuck
Date: September 3, 2007 at 19:28:01 Pacific
Subject: Icons missing on desktop
Reply:
Looking better; you were heavily infected.

Navigate to and delete these folders, then empty the Recycle Bin:

C:\VundoFix Backups

C:\qoobox\Quarantine

C:\avenger\backup

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot.
Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt.

Run a new Hijack This scan and post the log please.




Response Number 22
Name: tglass221
Date: September 5, 2007 at 17:00:06 Pacific
Subject: Icons missing on desktop
Reply:

SDFix: Version 1.102

Run by Teddi Glass on Wed 09/05/2007 at 07:45 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
smtpdrv

ImagePath:
System32\DRIVERS\smtpdrv.sys

smtpdrv - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File



Response Number 23
Name: tglass221
Date: September 5, 2007 at 17:01:36 Pacific
Subject: Icons missing on desktop
Reply:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:50 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\QUICKENW\QWDLLS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/open... (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccomm...
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v1...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v1...
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/de...
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photolabstore.lifepics.com/n...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v1...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9286 bytes


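Added example, not part of the thread or of HijackThis: a reviewer's first pass over a HijackThis log of the kind posted above. It groups entries by section and lists the items a helper would look at first, such as services with no publisher, "(file missing)" entries, and autoruns launched from the Windows root or user temp/Application Data folders, which is where the files removed earlier in this thread lived. The sample log is constructed from the post above; the [avp] autorun line is hypothetical, modelled on the C:\WINDOWS\avp.exe that AVG quarantined.

```python
import re

# One HijackThis line: section code ("R0", "O4", "O23") and the rest of the entry.
HJT_ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: hive\..\Run: [value name] command line
O4_RUN = re.compile(r"^(?P<hive>HK.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First executable-looking path in a command line, quoted or not.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|bat|cmd|com|scr|pif|vbs|dll))', re.I)

# Directories where a legitimate autorun target is unusual and where the malware
# in this thread actually lived (C:\WINDOWS\avp.exe, ...\APPLIC~1\tmp*.exe).
SUSPECT_DIR_PARTS = ("\\temp\\", "\\application data\\", "\\applic~1\\", "\\local settings\\")
SUSPECT_DIR_EXACT = ("c:", "c:\\windows")


def autorun_target(cmd):
    """Drop the "(User '...')" suffix HijackThis appends and pull out the exe path."""
    cmd = re.sub(r"\s+\(User '.*'\)$", "", cmd)
    m = EXE_PATH.match(cmd)
    return m["path"] if m else cmd


def review_hjt(text):
    """Return (entries_by_section, findings). Findings are items to look at,
    not verdicts: HijackThis lists legitimate and malicious entries alike."""
    by_section, findings = {}, []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        by_section.setdefault(code, []).append(body)
        if "(file missing)" in body:
            findings.append((code, "target file missing", body))
        if code == "O23" and "Unknown owner" in body:
            findings.append((code, "service with no publisher", body))
        if code == "O4" and body.endswith("= ?"):
            findings.append((code, "startup shortcut with unresolved target", body))
        run = O4_RUN.match(body) if code == "O4" else None
        if run:
            path = autorun_target(run["cmd"])
            low = path.lower()
            if "\\" not in path:
                findings.append((code, "bare filename, resolved via search path", body))
            elif low.rsplit("\\", 1)[0] in SUSPECT_DIR_EXACT or any(p in low for p in SUSPECT_DIR_PARTS):
                findings.append((code, "autorun from unusual directory", body))
    return by_section, findings


# Constructed sample: entries from the clean log above plus a hypothetical
# [avp] autorun of the kind this thread removed.
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/open... (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    sections, findings = review_hjt(SAMPLE_HJT_LOG)
    for code, bodies in sorted(sections.items()):
        print(f"{code}: {len(bodies)} entries")
    for code, reason, body in findings:
        print(f"[{code}] {reason}: {body}")
```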

Response Number 24
Name: jabuck
Date: September 5, 2007 at 19:27:22 Pacific
Subject: Icons missing on desktop
Reply:
You should consider adding "SpywareBlaster" to your arsenal of antispyware tools. Just do a Google search for SpywareBlaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Your HijackThis log is clean, but please run AVG Anti-Spyware once again and post the results, please.

How is your computer operating?



Response Number 25
Name: tglass221
Date: September 6, 2007 at 03:53:10 Pacific
Subject: Icons missing on desktop
Reply:
My computer is running great compared to how it was when we first started this clean up. What is the best way to keep this from happening again? My sons go to all these gaming sites and also sites like MySpace, and I've read somewhere lately these sites are bad for collecting all these viruses. Any tips you can give will be appreciated. I feel you have gone out of your way to help me and I can't thank you enough. I'll download the software and send you more AVG results. THANKS!!


Response Number 26
Name: tglass221
Date: September 6, 2007 at 04:48:59 Pacific
Subject: Icons missing on desktop
Reply:
General properties
Report name Complete Test
Start time 9/6/2007 6:54
End time 9/6/2007 7:36:58 AM (total: 42:50.10 Min)
Launch method Scanning launched manually
Scanning result Threats found
Report status Scanning completed successfully

Object summary
Scanned 85076
Threats Found 2
Cleaned 0
Moved to vault 1
Deleted 1
Errors 0
C:\WINDOWS\system32\drivers\etc\hosts Change Changed
C:\Documents and Settings\Teddi Glass\Desktop\SDFix.exe:\SDFix\apps\isadmin.exe Virus identified Obfustat.LSQ Infected, Embedded object, Deleted
C:\Documents and Settings\Teddi Glass\Desktop\SDFix.exe Moved to Vault, Archive
C:\SDFix\apps\isadmin.exe Deleted



Response Number 27
Name: jabuck
Date: September 6, 2007 at 18:54:13 Pacific
Subject: Icons missing on desktop
Reply:
Looks good, but I don't see an antivirus program running.

You can get AVG Free from this link: http://free.grisoft.com/doc/2/



Response Number 28
Name: tglass221
Date: September 9, 2007 at 11:27:03 Pacific
Subject: Icons missing on desktop
Reply:
I have AVG on my desktop and I get messages reminding me to update, but maybe it's not running??? How do I check this?

I still get some pop ups and these are mainly adult sites. What should I do to stop these pop ups from happening?
Thanks for your help!



Response Number 29