iexplore trojan?
tanger
10-12-2006, 02:08 PM
Hello everyone,
I noticed that whenever I brought up the task manager (CTRL+ALT+DEL), iexplore was listed as a running program. I thought this was strange because it was never listed in the past and I don't even use IE. Then my AV program (Bitdefender) gave me this warning: "File c:\documents and settings\administrator\start menu\programs\startup\iexplore.exe
infected with Trojan.Clicker.VB.FT"
I'd like to get rid of this trojan but I need your help please :)
Thank you
tanger
david eaton
10-12-2006, 04:30 PM
We need a closer look at what's happening.
Please download http://www.merijn.org/files/hijackthis.zip
Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan and save log".
When the scan is finished, the log will open in Notepad. Do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
tanger
10-12-2006, 05:09 PM
Here's my HJT log
Logfile of HijackThis v1.99.1
Scan saved at 4:07:41 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158437160335
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
david eaton
10-12-2006, 06:29 PM
Have HijackThis fix any of the following that remain in your log by placing a check in the appropriate boxes and hitting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
Reboot and delete the file C:\WINDOWS\system32\0815.exe
Please post a followup Hijack this log, and say if your problems persist.
tanger
10-12-2006, 08:04 PM
Here's the latest HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 7:00:03 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158437160335
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
tanger
10-12-2006, 08:14 PM
Oh, I forgot to mention that something is wrong with my task manager. I cannot see any other tabs... it's tough to explain but here's a pic of it.
http://i100.photobucket.com/albums/m22/MAC_ENG/taskbar.jpg
chrisling
10-13-2006, 12:07 AM
Sorry to say, but did you follow david_eaton's way exactly? I found that 0815.exe is still running in the background. Try closing every window except HijackThis, check the two options that david_eaton listed, then fix it.
The next step would be a bit different from david_eaton's way for mine: reboot into Safe Mode instead of Normal Mode to delete the 0815.exe, which is located in C:\WINDOWS\system32\0815.exe.
Post a HijackThis log file again after you have done them.
For your second problem, just double click on the top border of Task Manager.
Budfred
10-13-2006, 12:46 AM
Sorry to say, but did you follow david_eaton's way exactly? I found that 0815.exe is still running in the background. Try closing every window except HijackThis, check the two options that david_eaton listed, then fix it.
The next step would be a bit different from david_eaton's way for mine: reboot into Safe Mode instead of Normal Mode to delete the 0815.exe, which is located in C:\WINDOWS\system32\0815.exe.
Post a HijackThis log file again after you have done them.
For your second problem, just double click on the top border of Task Manager.
chrisling,
As I have asked you before, please do not respond to malware topics, especially when they involve HJT logs...
If the file was deleted in Normal mode but then restored, it is unlikely that deleting it in Safe Mode will do any different...
tanger,
Please run this tool to see if it will kill that trojan...
* Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
chrisling
10-13-2006, 01:03 AM
I just followed up david_eaton's opinion of deleting that 0815.exe. I didn't give anything wrong at all this time. And I want to emphasize that humans are improving every second. Last time I didn't know everything doesn't mean I don't know everything now too.
Budfred
10-13-2006, 01:07 AM
I just followed up david_eaton's opinion of deleting that 0815.exe. I didn't give anything wrong at all this time. And I want to emphasize that humans are improving every second. Last time I didn't know everything doesn't mean I don't know everything now too.
We still ask that only those who we know have the skills post to these topics... If you want to change your status, contact me by PM and verify your credentials for doing it...
david eaton
10-13-2006, 11:47 AM
For the task manager problem, just double click somewhere on the blank part to the left of the "end task" button.
tanger
10-13-2006, 04:06 PM
I tried the F-Secure online scan but when it got to the downloading phase, it stopped midway and said "Unable to download components" (something to that extent). I'll keep trying to get F-Secure to work, but is there another online scanner that will do the same?
tanger
10-13-2006, 05:17 PM
Never mind, I got F-Secure to work; I'll post its log when it's done.
tanger
10-14-2006, 02:19 AM
It's taking really long for the scan to finish. It has taken 9 hours and it's still disinfecting a tracking cookie. Should I wait it out?
Budfred
10-14-2006, 08:55 AM
No, stop it and restart... If it stalls again, post back here and we will look at another tool... Try running CCleaner before you run F-Secure to clean out cookies since that might help...
http://www.ccleaner.com/downloadbuilds.asp
Be careful to NOT accept the toolbar when you install CCleaner unless you really want another toolbar...
tanger
10-14-2006, 09:41 AM
I think F-Secure stalled the first time, so I ran it again and it finished scanning.
Result: 3 malware found
Java/OpenConnection.AA (virus)
* C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\JAVAPI\V1.0\JAR\COUNT.JAR-2FB8221A-263320D0.ZIP (Submitted)
Tracking Cookie (spyware)
* System (Disinfected)
Win32.Trojan.Downloader (spyware)
* System (Disinfected)
Statistics
Scanned:
* Files: 21122
* System: 3695
* Not scanned: 5
Actions:
* Disinfected: 2
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 1
Files not scanned:
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1E0101B5-0DDD-4A00-A9A0-08639A04ED39}.BIN
Options
Scanning engines:
* F-Secure AVP: 6.0.171, 2006-10-13
* F-Secure Libra: 2.4.1, 2006-10-13
* F-Secure Orion: 1.2.37, 2006-10-13
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-08-29
* F-Secure Draco: 1.0.35, 2006-10-06
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics
Budfred
10-14-2006, 08:49 PM
Good, now please post a fresh HJT log after rebooting first and let us know how your computer is doing...
tanger
10-15-2006, 03:26 AM
This is the newest HJT log; it seems that 0815.exe is still around.
Logfile of HijackThis v1.99.1
Scan saved at 2:24:40 AM, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158437160335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
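The helpers in this thread compare successive HijackThis logs by eye to see whether the [startkey] entries came back. The script below does that comparison mechanically and also flags the two patterns visible in this thread (the same executable registered under both HKLM and HKCU Run, and a well-known program name such as iexplore.exe running from an unexpected folder). It is an added example, not part of the thread or of HijackThis; the two log excerpts are constructed from the O4 lines posted above, and the "O4 - Startup:" line and the expected-directory table are assumptions of this example.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed excerpts of the 7:00 PM log (before) and the 2:24 AM log (after)
# from this thread; only O4 (startup) lines are kept. The "O4 - Startup:" line
# is constructed from the BitDefender warning in the first post.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:00:03 PM, on 12/10/2006
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - Startup: iexplore.exe = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\iexplore.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:24:40 AM, on 15/10/2006
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
"""


class Entry(NamedTuple):
    location: str  # e.g. 'HKLM\..\Run', 'HKCU\..\Run' or 'Startup'
    name: str      # registry value name, or the Startup-folder item
    command: str   # the command line exactly as logged
    exe: str       # executable path extracted from the command line


_REG_LINE = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
_STARTUP_LINE = re.compile(r'^O4 - (?P<loc>(?:Global )?Startup): (?P<rest>.*)$')
_QUOTED = re.compile(r'^"([^"]+)"')
_UNQUOTED = re.compile(r'^(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.IGNORECASE)

# Assumed expected install directories (Windows XP layout) for a few names
# that malware likes to borrow; anything else with these names is suspect.
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}


def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run-key command line.
    Unquoted paths with spaces (as HJT logs them) are handled by stopping at
    the first executable extension."""
    m = _QUOTED.match(cmd) or _UNQUOTED.match(cmd)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else cmd


def parse_o4(log: str) -> List[Entry]:
    entries = []
    for line in log.splitlines():
        m = _STARTUP_LINE.match(line)
        if m:  # 'item = target' for shortcuts, bare file name otherwise
            name, _, target = m.group("rest").partition(" = ")
            entries.append(Entry(m.group("loc"), name, m.group("rest"), target or name))
            continue
        m = _REG_LINE.match(line)
        if m:
            cmd = m.group("cmd")
            entries.append(Entry(m.group("loc"), m.group("name"), cmd, executable_of(cmd)))
    return entries


def _key(e: Entry) -> Tuple[str, str, str]:
    return (e.location.lower(), e.name.lower(), e.exe.lower())


def compare_logs(before: str, after: str) -> Dict[str, List[Entry]]:
    """Which O4 entries persisted, were removed, or appeared between two logs."""
    old, new = parse_o4(before), parse_o4(after)
    old_keys, new_keys = {_key(e) for e in old}, {_key(e) for e in new}
    return {
        "persisted": [e for e in new if _key(e) in old_keys],
        "removed": [e for e in old if _key(e) not in new_keys],
        "added": [e for e in new if _key(e) not in old_keys],
    }


def review_flags(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Heuristic flags for a human reviewer; a flag is a reason to look, not a verdict."""
    hives_by_exe: Dict[str, set] = {}
    for e in entries:
        if e.location.upper().startswith("HK"):
            hives_by_exe.setdefault(e.exe.lower(), set()).add(e.location.split("\\")[0].upper())
    flags = []
    for e in entries:
        base = e.exe.rsplit("\\", 1)[-1].lower()
        folder = e.exe.rsplit("\\", 1)[0].lower() if "\\" in e.exe else ""
        if len(hives_by_exe.get(e.exe.lower(), ())) > 1:
            flags.append((e, "same executable registered under both HKLM and HKCU Run"))
        if re.fullmatch(r"\d+\.\w+", base):
            flags.append((e, "numeric file name is not how legitimate software names itself"))
        if base in EXPECTED_DIR and folder and folder.rstrip("\\") != EXPECTED_DIR[base]:
            flags.append((e, f"{base} normally lives in {EXPECTED_DIR[base]}, not {folder}"))
    return flags


if __name__ == "__main__":
    diff = compare_logs(LOG_BEFORE, LOG_AFTER)
    for state, items in diff.items():
        for e in items:
            print(f"{state:9} {e.location:14} [{e.name}] {e.exe}")
    for e, why in review_flags(parse_o4(LOG_BEFORE)):
        print(f"FLAG {e.location} [{e.name}]: {why}")
```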
Budfred
10-15-2006, 04:47 AM
Okay, run this program so we can see what is maintaining that pest...
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
tanger
10-15-2006, 07:10 PM
The txt file is too long (30000 characters and it only allows 10000), so I'll post the log in pieces.
Administrator - 06-10-15 18:03:40.69 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Documents and Settings\Administrator\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-15 to 2006-10-15 ))))))))))))))))))))))))))))))))))
2006-09-30 16:06 967 --a------ C:\WINDOWS\ScUnin.pif
2006-09-30 16:06 70,656 --a------ C:\WINDOWS\ScUnin.exe
2006-09-24 14:18 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2006-09-21 13:58 45,358,116 --a------ C:\regbackup.reg
2006-09-19 23:27 14,848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-19 00:38 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-19 00:38 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-09-19 00:24 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2006-09-19 00:24 118,784 --a------ C:\WINDOWS\system32\pdfmona.dll
2006-09-18 17:36 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-18 17:32 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0045.sys
2006-09-18 17:32 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-17 12:13 29,968 --a------ C:\WINDOWS\system32\mdimon.dll
2006-09-16 17:26 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-16 16:57 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-09-16 16:38 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-09-16 16:38 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-09-16 16:38 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-09-16 16:38 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-09-16 16:37 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-16 16:37 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-16 16:37 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-09-16 16:37 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-16 16:37 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-16 16:37 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-09-16 16:37 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-16 16:37 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-16 16:37 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-09-16 16:37 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-09-16 16:37 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-16 16:37 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-16 16:37 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-16 16:37 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-09-16 16:37 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-09-16 16:37 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-16 16:34 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-16 16:32 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-09-16 16:17 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-09-16 16:17 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-09-16 16:17 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2006-09-16 16:17 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-09-16 16:17 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-16 16:06 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-16 16:06 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-16 16:06 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-16 16:06 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-16 16:06 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-16 16:06 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-16 15:46 57,344 --a------ C:\WINDOWS\BCMSMD2K.exe
2006-09-16 15:46 49,152 --a------ C:\WINDOWS\system32\BCMSM168.dll
2006-09-16 15:46 151,552 --a------ C:\WINDOWS\BCMSMU.exe
2006-09-16 15:46 122,880 --a------ C:\WINDOWS\system32\BCMSMI32.dll
2006-09-16 15:46 122,880 --a------ C:\WINDOWS\BCMSMMSG.exe
2006-09-16 15:46 1,101,696 --a------ C:\WINDOWS\system32\drivers\BCMSM.sys
2006-09-16 15:40 69,632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll
2006-09-16 15:40 667,648 --a------ C:\WINDOWS\system32\BCMLogon.dll
2006-09-16 15:40 424,320 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2006-09-16 15:40 33,664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS
2006-09-16 15:40 253,952 --a------ C:\WINDOWS\system32\bcmwlu00.exe
2006-09-16 15:40 1,200,128 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE
2006-09-16 15:39 89,088 --a------ C:\WINDOWS\system32\ATL71.DLL
2006-09-16 15:39 86,016 --a------ C:\WINDOWS\system32\preflib.dll
2006-09-16 15:39 757,760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2006-09-16 15:39 44,032 --a------ C:\WINDOWS\system32\wltrynt.dll
2006-09-16 15:39 2,129,920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2006-09-16 15:39 18,944 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2006-09-16 15:39 1,347,584 --a------ C:\WINDOWS\system32\WLTRAY.EXE
2006-09-16 15:38 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-16 15:38 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-09-16 15:38 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-16 15:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-16 15:38 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-16 15:38 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-16 15:38 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2006-09-16 15:38 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-09-16 15:38 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-09-16 15:38 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-09-16 15:38 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-16 15:38 264,440 --a------ C:\WINDOWS\system32\drivers\stac97.sys
2006-09-16 15:38 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-16 15:38 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-16 15:38 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-09-16 15:38 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-16 15:38 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-09-16 15:35 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2006-09-16 15:33 94,208 --a------ C:\WINDOWS\system32\igfxext.exe
2006-09-16 15:33 90,112 --a------ C:\WINDOWS\system32\igfxzoom.exe
2006-09-16 15:33 880,640 --a------ C:\WINDOWS\system32\igfxress.dll
2006-09-16 15:33 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2006-09-16 15:33 739,899 --a------ C:\WINDOWS\system32\ialmdd5.dll
2006-09-16 15:33 69,632 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-09-16 15:33 681,629 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2006-09-16 15:33 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v3775.dll
2006-09-16 15:33 49,152 --a------ C:\WINDOWS\system32\ialmrem.dll
2006-09-16 15:33 471,040 --a------ C:\WINDOWS\system32\ialmgdev.dll
2006-09-16 15:33 462,848 --a------ C:\WINDOWS\system32\igfxcfg.exe
2006-09-16 15:33 45,056 --a------ C:\WINDOWS\system32\igfxdgps.dll
2006-09-16 15:33 36,415 --a------ C:\WINDOWS\system32\ialmrnt5.dll
2006-09-16 15:33 339,968 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2006-09-16 15:33 32,768 --a------ C:\WINDOWS\system32\igfxexps.dll
2006-09-16 15:33 26,496 --a------ C:\WINDOWS\system32\drivers\usbstor.sys
2006-09-16 15:33 225,280 --a------ C:\WINDOWS\system32\igfxpph.dll
2006-09-16 15:33 221,184 --a------ C:\WINDOWS\system32\igfxeud.dll
2006-09-16 15:33 2,273,280 --a------ C:\WINDOWS\system32\ialmgicd.dll
2006-09-16 15:33 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-09-16 15:33 151,552 --a------ C:\WINDOWS\system32\igfxdiag.exe
2006-09-16 15:33 143,360 --a------ C:\WINDOWS\system32\igfxdev.dll
2006-09-16 15:33 126,976 --a------ C:\WINDOWS\system32\igfxhk.dll
2006-09-16 15:33 126,651 --a------ C:\WINDOWS\system32\ialmdev5.dll
2006-09-16 15:33 118,784 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-16 15:33 118,784 --a------ C:\WINDOWS\system32\hccutils.dll
2006-09-16 15:33 103,484 --a------ C:\WINDOWS\system32\ialmdnt5.dll
2006-09-16 15:23 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-16 15:23 0 -rahs---- C:\MSDOS.SYS
2006-09-16 15:23 0 -rahs---- C:\IO.SYS
2006-09-16 15:23 0 --a------ C:\CONFIG.SYS
2006-09-16 15:23 0 --a------ C:\AUTOEXEC.BAT
2006-09-16 15:21 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-16 15:20 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-16 15:20 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-16 15:20 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-16 15:20 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-16 15:20 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-16 15:20 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
tanger
10-15-2006, 07:11 PM
2006-09-16 15:20 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-16 15:20 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-16 15:20 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-16 15:20 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-16 15:20 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-16 15:20 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-16 15:20 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-16 15:20 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-16 15:20 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-16 15:20 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-16 15:20 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-16 15:20 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-16 15:20 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-16 15:20 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-16 15:20 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-16 15:20 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-16 15:20 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-16 15:20 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-16 15:20 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-16 15:20 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-16 15:20 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-16 15:20 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-16 15:18 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-16 15:18 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-16 15:18 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-16 15:18 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-16 15:18 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-16 15:18 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-16 15:18 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-16 15:17 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-16 15:17 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-16 15:17 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-16 15:17 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-16 15:17 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-16 15:17 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-16 15:17 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-16 15:17 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-16 15:17 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-16 15:17 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-16 15:17 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-16 15:17 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-16 15:17 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-16 15:17 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-16 15:17 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-16 15:17 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-16 15:17 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-16 15:17 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-16 15:17 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-16 15:17 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-16 15:17 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-16 15:17 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-16 15:17 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-16 15:17 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-16 15:17 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-16 15:17 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-16 15:17 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-16 15:17 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-16 15:17 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-16 15:17 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-16 15:17 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-16 15:17 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-16 15:17 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-16 15:17 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-16 15:17 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-16 15:17 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-16 15:17 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-16 15:17 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-16 15:17 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-16 15:17 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-16 15:17 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-16 15:17 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-16 15:17 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-16 15:17 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-16 15:17 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-16 15:17 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-16 15:17 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-16 15:17 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-16 15:17 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-16 15:17 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-16 15:17 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-16 15:17 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-16 15:17 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-16 15:17 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-16 15:17 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-16 15:17 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-16 15:17 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-16 15:17 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-16 15:17 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-16 15:17 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-16 15:17 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-16 15:17 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-16 15:17 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-16 15:17 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-16 15:17 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-16 15:17 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-16 15:17 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-16 15:17 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-16 15:17 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-16 11:11 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-16 11:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-16 11:10 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2006-09-16 11:10 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-16 11:10 14,080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2006-09-16 11:10 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2006-09-16 11:08 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-16 11:08 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-16 11:08 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-16 11:08 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-16 11:08 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-16 11:08 69,120 --a------ C:\WINDOWS\notepad.exe
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-16 11:08 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-16 11:08 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-16 11:08 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-16 11:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-16 11:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-16 11:08 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-16 11:08 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-16 11:08 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
tanger
10-15-2006, 07:12 PM
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-16 11:08 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-16 11:08 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-16 11:08 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-16 11:08 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-16 11:08 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-16 11:08 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-16 11:08 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-15 13:32 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-15 02:24 -------- d-------- C:\Program Files\hijackthis
2006-10-14 22:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2006-10-11 22:26 -------- d-------- C:\Program Files\Super Nintendo ROMs Collection
2006-10-11 21:21 -------- d-------- C:\Program Files\MSN Messenger
2006-10-06 13:27 -------- d-------- C:\Program Files\Ares
2006-10-03 13:42 -------- d-------- C:\Program Files\EvID_4226Patch223d-en
2006-10-02 18:36 -------- d-------- C:\Program Files\Calendarscope
2006-10-02 01:17 -------- d-------- C:\Program Files\R
2006-10-01 23:07 -------- d-------- C:\Program Files\Starcraft
2006-09-27 16:30 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-09-21 19:13 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-09-21 19:02 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2006-09-21 18:54 -------- d-------- C:\Program Files\TCP Optimizer
2006-09-21 18:53 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-20 22:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-09-20 16:41 -------- d-------- C:\Program Files\Java
2006-09-20 16:21 -------- d-------- C:\Program Files\Common Files\Java
2006-09-20 16:21 -------- d-------- C:\Program Files\Common Files
2006-09-19 00:39 -------- d-------- C:\Program Files\XviD
2006-09-19 00:37 -------- d-------- C:\Program Files\AC3Filter
2006-09-19 00:34 -------- d-------- C:\Program Files\pdf995
2006-09-19 00:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\pdf995
2006-09-19 00:19 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2006-09-19 00:13 1712 --a------ C:\Documents and Settings\Administrator\Application Data\AdobeDLM.log
2006-09-19 00:13 0 --a------ C:\Documents and Settings\Administrator\Application Data\dm.ini
2006-09-19 00:13 -------- d-------- C:\Program Files\Adobe
2006-09-18 23:13 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-18 17:42 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-18 17:36 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-18 13:08 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-18 13:05 -------- d-------- C:\Program Files\Nero
2006-09-18 00:44 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-09-17 12:11 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-17 12:10 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-17 12:10 -------- d-------- C:\Program Files\Microsoft Office
2006-09-17 12:10 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-17 12:09 -------- d-------- C:\Program Files\Microsoft Works
2006-09-17 02:35 -------- d-------- C:\Program Files\GSpot
2006-09-17 02:32 -------- d-------- C:\Program Files\Lavasoft
2006-09-17 02:31 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-09-17 02:27 -------- d-------- C:\Program Files\VideoLAN
2006-09-17 02:27 -------- d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2006-09-17 02:04 -------- d-------- C:\Program Files\iTunes
2006-09-17 02:02 -------- d-------- C:\Program Files\iPod
2006-09-17 02:02 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2006-09-17 02:01 -------- d-------- C:\Program Files\QuickTime
2006-09-17 01:53 -------- d-------- C:\Program Files\Softwin
2006-09-16 21:50 -------- d-------- C:\Program Files\Common Files\Softwin
2006-09-16 20:20 -------- d-------- C:\Documents and Settings\Administrator\Application Data\BitDefender
2006-09-16 20:15 -------- d-------- C:\Program Files\WinRAR
2006-09-16 18:50 -------- d-------- C:\Program Files\Messenger
2006-09-16 18:49 -------- d-------- C:\Program Files\Windows Media Player
2006-09-16 18:49 -------- d-------- C:\Program Files\Internet Explorer
2006-09-16 18:45 -------- d-------- C:\Program Files\Outlook Express
2006-09-16 18:45 -------- d-------- C:\Program Files\Common Files\System
2006-09-16 18:41 -------- d-------- C:\Program Files\BitComet
2006-09-16 17:31 -------- d-------- C:\Program Files\Movie Maker
2006-09-16 17:29 -------- d-------- C:\Program Files\Windows NT
2006-09-16 17:29 -------- d-------- C:\Program Files\NetMeeting
2006-09-16 16:06 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-16 15:48 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-09-16 15:41 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-16 15:41 -------- d-------- C:\Program Files\Broadcom
2006-09-16 15:40 -------- d-------- C:\Program Files\Dell
tanger
10-15-2006, 07:13 PM
2006-09-16 15:38 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-16 15:38 -------- d-------- C:\Program Files\SigmaTel
2006-09-16 15:31 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-16 15:31 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-09-16 15:23 -------- d-------- C:\Program Files\xerox
2006-09-16 15:23 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-16 15:21 -------- d-------- C:\Program Files\Online Services
2006-09-16 15:20 -------- d-------- C:\Program Files\Common Files\Services
2006-09-16 15:20 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-16 15:19 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-16 15:18 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-16 15:18 -------- d-------- C:\Program Files\MSN
2006-09-16 11:09 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-16 11:09 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-16 11:08 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 05:37 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"startkey"="C:\\WINDOWS\\system32\\0815.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"startkey"="C:\\WINDOWS\\system32\\0815.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdmcon.exe\""
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"c:\\program files\\softwin\\bitdefender9\\bdnagent.exe\""
"BDSwitchAgent"="\"c:\\program files\\softwin\\bitdefender9\\bdswitch.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^iexplore.exe]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\iexplore.exe"
"backup"="C:\\WINDOWS\\pss\\iexplore.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\iexplore.exe"
"item"="iexplore"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-15 18:04:54.66
C:\ComboFix.txt ... 06-10-15 18:04
Budfred
10-15-2006, 07:28 PM
It looks like you have been installing a number of different programs recently and it is going to take a while for me to sort through this... I will do that later this evening... Please do not install anything else unless it is for cleanup until we get through this...
Budfred
10-17-2006, 12:54 AM
Sorry for the delay, I got pulled away by life...
There are several possible causes for the problems here... First, please run a couple of tools:
Download AboutBuster and run it twice while in Safe Mode... Save and post the logs here:
http://www.malwarebytes.org/AboutBuster.zip
If you did not already run CCleaner, please do so now...
These two folders are suspicious and look like they may be bad... Please check in them and see if you recognize any of the files... Check Properties to find out what company created them if possible and report on what you find here:
C:\Program Files\R
C:\Program Files\EvID_4226Patch223d-en
If you find evidence that they are bad, you can simply delete them...
This may be how you got infected in the first place:
C:\Program Files\Ares
Download Killbox:
http://www.atribune.org/downloads/KillBox.exe
Then copy/paste this path into a Notepad file so that you can access it in Safe Mode... Boot to Safe Mode (tap F8 just before Windows starts loading and select Safe Mode)... Choose the "Delete on reboot" and "End Explorer Shell while Killing file" options... Copy/paste the entire path into the line for the file... Once entered, click through to kill it...
C:\WINDOWS\system32\0815.exe
Reboot to Normal mode and post a fresh HJT log and the AboutBuster log...
tanger
10-17-2006, 03:27 AM
I rebooted into safe mode and ran AboutBuster. After it completed its scan it gave me this warning: Runtime error '339': Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.
I also know what these two files are:
C:\Program Files\R
C:\Program Files\EvID_4226Patch223d-en
Here is the HJT log... it's still around :mad:
Logfile of HijackThis v1.99.1
Scan saved at 2:23:02 AM, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\AboutBuster\AboutBuster.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158437160335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
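As an added example (not code from this thread, from HijackThis or from any of the tools named here), a small Python triage script that parses the O4 autostart lines of a HijackThis log like the one above and flags the patterns visible in this thread: one command registered under both HKLM and HKCU Run (startkey / 0815.exe), a numeric-only executable name, a bare filename with no directory (BCMSMMSG.exe), and a well-known binary name outside its normal folder (iexplore.exe in the Startup folder that BitDefender reported). The Run lines in the sample are copied from the log above; the Startup line, its "O4 - Startup: item = path" format and the expected-directory table are constructed assumptions.

```python
"""Triage O4 (autostart) lines from a HijackThis 1.99 log."""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample: the hive Run lines are copied from the HijackThis log posted
# in this thread; the last line is a constructed Startup-folder entry for the
# iexplore.exe that BitDefender reported (the "O4 - Startup:" format is assumed).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - Startup: iexplore.exe = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\iexplore.exe
"""

RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.*?)(?: = (?P<cmd>.*))?$")
# First executable-looking token, quoted or not; tolerates unquoted paths containing spaces.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|com|scr|pif|bat|cmd|dll))"?(?=\s|$)', re.IGNORECASE)

# Names that malware likes to borrow, with the only folders they legitimately live in
# on a stock Windows XP install (constructed table; lower-case, drive C: assumed).
EXPECTED_DIRS = {
    "iexplore.exe": {r"c:\program files\internet explorer"},
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
}


@dataclass
class Entry:
    hive: str            # HKLM, HKCU, HKU\<sid>, Startup or Global Startup
    key: str             # registry key after "..\" (Run, RunOnce, ...) or "folder"
    name: str            # the [bracketed] value name, or the startup-folder item
    command: str         # command exactly as HijackThis printed it
    path: Optional[str]  # executable pulled out of the command, if recognisable


def exe_path(command: str) -> Optional[str]:
    m = EXE_RE.match(command.strip())
    return m["path"] if m else None


def parse_o4(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry(m["hive"], m["key"], m["name"], m["cmd"], exe_path(m["cmd"])))
        elif m := STARTUP_RE.match(line):
            cmd = m["cmd"] or m["name"]
            entries.append(Entry(m["hive"], "folder", m["name"], cmd, exe_path(cmd)))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {"<hive>:<name>": [finding codes]} for every entry that trips a rule."""
    hives_per_path = defaultdict(set)
    for e in entries:
        if e.path:
            hives_per_path[e.path.lower()].add(e.hive)

    findings: Dict[str, List[str]] = {}
    for e in entries:
        codes: List[str] = []
        if e.path is None:
            codes.append("UNPARSED_COMMAND")
        else:
            p = PureWindowsPath(e.path)
            parent = str(p.parent).lower()
            # Same binary under both machine and user Run: double registration so that
            # cleaning one hive still leaves the other (the startkey entries here).
            if len(hives_per_path[e.path.lower()]) > 1:
                codes.append("DUPLICATE_HIVES")
            # Digit-only names such as 0815.exe are not how vendors name programs.
            if p.stem.isdigit():
                codes.append("NUMERIC_NAME")
            # No directory at all: resolved via the search path, so easy to shadow.
            if parent == ".":
                codes.append("BARE_NAME")
            # A well-known system binary name outside the folder it belongs in.
            if p.name.lower() in EXPECTED_DIRS and parent not in EXPECTED_DIRS[p.name.lower()]:
                codes.append("KNOWN_NAME_OUT_OF_PLACE")
            # Installers put .lnk shortcuts in Startup; a bare .exe there was dropped.
            if e.key == "folder" and p.suffix.lower() == ".exe":
                codes.append("EXE_IN_STARTUP_FOLDER")
        if codes:
            findings[f"{e.hive}:{e.name}"] = codes
    return findings


if __name__ == "__main__":
    for item, codes in triage(parse_o4(SAMPLE_HJT)).items():
        print(f"{item:28} {', '.join(codes)}")
```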
Budfred
10-17-2006, 03:57 AM
Did you run CCleaner?? Did you use KillBox?? Please let me know what you have actually done so I can figure what to do next....
tanger
10-17-2006, 12:04 PM
Sorry...forgot to mention that I did run both of those programs before I posted the latest HJT log.
Budfred
10-17-2006, 12:31 PM
I am not sure why this thing is hanging on so tightly... Did it appear that KillBox worked?? When you deleted the files, did they appear to delete?? Please do this:
Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:
C:\WINDOWS\system32\0815.exe
Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the files to the SWI archive at this address (malware@spywareinfo.com).
Please include a link to this log, as well as your most recent HijackThis log.
Then throw a couple of tools at it...
Use AVG AS (Ewido)...
Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
In Safe Mode, load Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.
Also, try a HouseCall scan from TrendMicro from the link in my signature...
Dacoda
10-17-2006, 01:31 PM
Bud, I found this discussion while searching for "0815.exe". Because I HAD this same virus just two days ago. I tried AVAST Anti Virus, I tried deleting it several times... tried accessing it from dos.. nothing. Finally, yesterday, Webroot's Spysweeper found it, deleted it, rebooted my system, and deleted the rest of it. I'm not an expert, but it's just food for thought. Might wanna suggest this to him. My computer is running 100% better now. :)
tanger
10-17-2006, 03:57 PM
I ran SFP and it created a cab file which I emailed to the address you gave me.
I have yet to run the Housecall but here are the logs
Logfile of HijackThis v1.99.1
Scan saved at 2:48:48 PM, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158437160335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
tanger
10-17-2006, 03:58 PM
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:42:49 PM 17/10/2006
+ Scan result:
C:\Documents and Settings\Administrator\Local Settings\Temp\l8rf7pg3.wm -> Exploit.MS05-053-WMF : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\zcfs1yfi.wm -> Exploit.MS05-053-WMF : Cleaned.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gxe43u30.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\pss\iexplore.exeStartup -> Trojan.VB.amd : Cleaned.
::Report end
Budfred
10-18-2006, 03:56 AM
Have you run the HouseCall scan yet?? If you did and still have the problem, it would probably be a good idea to try what Dac suggested and run the trial version of SpySweeper...
tanger
10-19-2006, 01:55 PM
I haven't run Housecall yet because I've been extremely busy with work and I need this computer. I think I'll run Housecall tonight and IF that doesn't fix the problem I'll run Spysweeper and I'll post back when it's all done.
tanger
10-23-2006, 12:41 PM
I finally found some time to run Housecall and I think it worked. The HJT log seems to be clean...
Logfile of HijackThis v1.99.1
Scan saved at 11:40:12 AM, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158437160335
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
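As an added example (not part of this thread or of HijackThis), a small Python script that parses the O4 autorun entries from the 17/10/2006 and 23/10/2006 logs above, reports which Run-key entries disappeared after the Housecall clean-up, and attaches simple triage notes to each target. The sample log lines are copied from the thread; the heuristics (digits-only executable name, targets under Temp or Startup, bare filename without a path) are my own and only highlight entries worth a closer look, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: O4 (autorun) lines copied from the two HijackThis
# logs in this thread, the 17/10/2006 log ("before") and the 23/10/2006 log ("after").
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$')

def parse_o4(log: str) -> Dict[Tuple[str, str], str]:
    """Map (hive, value name) -> command line for every O4 Run entry in a log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def exe_of(command: str) -> str:
    """Extract the executable path from a Run-key command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]

def flag_entry(command: str) -> List[str]:
    """Heuristic triage notes (my own) for one autorun target; [] means nothing odd."""
    exe = exe_of(command)
    directory, _, name = exe.rpartition('\\')
    stem = name.lower().rsplit('.', 1)[0]
    notes = []
    if stem.isdigit():
        notes.append("executable name is only digits (e.g. 0815.exe)")
    low = directory.lower()
    if "\\temp" in low or "\\startup" in low or "local settings" in low:
        notes.append("runs from a user-writable location")
    if not directory:
        notes.append("bare filename, resolved via the search path")
    return notes

def diff_autoruns(before: str, after: str) -> Dict[Tuple[str, str], str]:
    """Return the O4 entries present before clean-up but gone afterwards."""
    b, a = parse_o4(before), parse_o4(after)
    return {k: v for k, v in b.items() if k not in a}

if __name__ == "__main__":
    for key, cmd in diff_autoruns(BEFORE_LOG, AFTER_LOG).items():
        print(f"removed: {key[0]} [{key[1]}] {cmd}  notes={flag_entry(cmd)}")
```

Run against the two logs it reports only the two [startkey] entries pointing at 0815.exe, both flagged for the digits-only name.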
Budfred
10-23-2006, 11:54 PM
Your log does appear to be clean, so assuming you are not having any more problems:
Here is my prevention speech to help avoid future infection:
This is a good time to set up protection against further attacks. Read the article linked below about "How did I get infected". You need an antivirus that is updated, a good firewall (a router firewall is not enough) and a spyware blocker like SpywareBlaster and also IE-Spyads. All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
http://forums.spywareinfo.com/index.php?showtopic=60955
tanger
10-24-2006, 01:09 AM
Thanks for the article..
Just wanted to thank you for all your advice and guidance through this long process!
tanger