Hi, please check these items.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\System32\winapi32.dll

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file

O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [Win32 Usb Driver] svhosint32.exe

O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe

O4 - HKLM\..\Run: [Windows Update Manager] updmgr.exe

O4 - HKLM\..\Run: [Sysino] lsess.exe

O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto

O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe

O4 - HKLM\..\RunServices: [Win32 Usb Driver] svhosint32.exe

O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe

O4 - HKLM\..\RunServices: [Windows Update Manager] updmgr.exe

O4 - HKLM\..\RunServices: [Sysino] lsess.exe

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

O4 - HKCU\..\Run: [Win32 Usb Driver] svhosint32.exe

O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe

O4 - HKCU\..\Run: [Sysino] lsess.exe

O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://D:\components\Liquid.ocx

O21 - SSODL: mtklef - {99589906-CF95-4335-F5AC-30E73DFAA272} - C:\WINDOWS\System32\dehsm32.dll

O23 - Service: Win32 System Spool - Unknown owner - C:\WINDOWS\system32\spoolsvc.exe" -netsvcs (file missing)


Click Fix Checked.

_________________________________________________________

We need to remove a NT Service

Do the following:

• Start -> Run
  *type services.msc
  *click OK

The Services Management Console opens - do the following:

• Click the Extended tab.
  *Scroll down until you find Win32 System Spool
  *Click on the service to highlight it.
  *Click Stop
  *Right-Click on Win32 System Spool.
  *Click on 'Properties'
  *Select the 'General' tab
  *Click the down-arrow on the right-hand side on the 'Start-up Type' box
  *From the drop-down menu, select ' Disabled'
  *Click the 'Apply' tab
  *Click 'OK'

Now:

1. Open HJT
   *Click on Config>>Misc Tools>>Delete an NT Service
   *Type Win32 System Spool in the space provided and click 'OK'.
   *The program will ask you to REBOOT --- Accept
   *REBOOT into SAFE MODE
   *Using Windows Explorer, locate and DELETE the following file (if it still is present):
   C:\WINDOWS\system32\spoolsvc.exe
   *REBOOT back into Normal Mode
   *Attach another HijackThis log

________________________________________________________

Please download Pocket Killbox by O^E.

• Save it to your desktop.
• Please double-click Killbox.exe to run it.
• Select:
  • Delete on Reboot
  • then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  
  
  C:\WINDOWS\system32\spoolsvc.exe
  
  C:\WINDOWS\system32\updmgr.exe
  
  C:\WINDOWS\System32\winapi32.dll
  
  C:\WINDOWS\system32\lsess.exe
  
  C:\Program Files\winupdate\winupdate.exe
  
  C:\WINDOWS\system32\runsrv32.exe
  
  
  
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

_______________________________________________________

Please download ewido anti-malware it is a free version of the program.

1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck..
   • Install background guard
   • Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
   
6. You will need to update ewido to the latest definition files.
   • On the left hand side of the main screen click update.
   • Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
   (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

• Open up Ewido
• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.
• Close ewido anti-malware.

Reboot.

________________________________________________________

Post the ewido log, and a new HJT log

Thanks for the help so far, it seems to be working.

I followed all the steps,

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:56:36 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\My Documents\Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B50B713-566A-4766-871E-26F4A84C6E20} (GINTCt9h.grid) - http://www.genavsystems.com/ftus/win660/probook2047.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: AIEIAHFC - {6EFC0045-76E0-3C9E-33E5-64FC7BA42DD7} - C:\WINDOWS\System32\Dnleei32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Here's the ewido log, though it crashed twice before it finally completed a full scan.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:47:37 PM, 5/13/2006
+ Report-Checksum: 5286DFD2
+ Scan result:
[1432] C:\WINDOWS\System32\Dnleei32.dll -> Worm.Padobot.z : Error during cleaning
C:\Program Files\DIGStream\__delete_on_reboot__digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\A0159219.dll -> Downloader.VB.aan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\A0159220.exe -> Trojan.Crypt.e : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\A0159221.exe -> Backdoor.Rbot.rc : Cleaned with backup
C:\WINDOWS\m61393.sys -> Trojan.Kolweb.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\AvpG.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINDOWS\SYSTEM32\b60ivd.exe -> Trojan.Kolweb.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\bmwshfgx.zmp -> Hijacker.Small.js : Cleaned with backup
C:\WINDOWS\SYSTEM32\bnmflv.exe -> Worm.Padobot.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\cfwhrf.exe -> Worm.Padobot.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\cqpevi.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\dehsm32.dll -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\dgrxvu.exe -> Worm.Padobot.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050410-201027.backup -> Trojan.Qhost.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\ehwqnq.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\Flacin32.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\Hgflcm32.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\Jqkmnc32.dll -> Logger.Qukart.m : Cleaned with backup
C:\WINDOWS\SYSTEM32\keffmz.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\kfyq2.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\SYSTEM32\kjprep.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\kkufnu.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\Lcibfn32.dll -> Logger.Qukart.m : Cleaned with backup
C:\WINDOWS\SYSTEM32\ltyfkpqf.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\m61393.sys -> Trojan.Kolweb.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\mbfygj.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\Mhhdgkfj.dll -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\niwuxxxe.exe -> Downloader.VB.aan : Cleaned with backup
C:\WINDOWS\SYSTEM32\Onmcppob.dll -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\parad.raw.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\phqghu.exe -> Worm.Padobot.z : Cleaned with backup
C:\WINDOWS\SYSTEM32\psajlf.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\qlxdln.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\repggx.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\repigsp.exe -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup
C:\WINDOWS\SYSTEM32\scxggb.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\srtesj.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\ukmgvi.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\voblaizdupla.exe -> Downloader.Small.dsr : Cleaned with backup
C:\WINDOWS\SYSTEM32\winbl32.dll -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup
C:\WINDOWS\SYSTEM32\winsrv32.exe -> Downloader.Adload.aq : Cleaned with backup
C:\WINDOWS\SYSTEM32\wyhlsufp.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\xcoksf.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\ydfyxa.exe -> Logger.Qukart.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__Dnleei32.dll -> Worm.Padobot.z : Cleaned with backup

::Report End

Can you please do the following.

===============

Scan with HiJackThis, then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O21 - SSODL: AIEIAHFC - {6EFC0045-76E0-3C9E-33E5-64FC7BA42DD7} - C:\WINDOWS\System32\Dnleei32.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\runsrv32.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

uh, I would not check these.


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)


Those are legit, and can be used by the user, just because it says the file is missing, doesn't mena it really is.

Please also ensure that this file is gone.


C:\WINDOWS\system32\winapi32.dll

Things seem to be working great now, thanks for all the help.

Here's my most recent HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:27:12 AM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\My Documents\Documents\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B50B713-566A-4766-871E-26F4A84C6E20} (GINTCt9h.grid) - http://www.genavsystems.com/ftus/win660/probook2047.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/...lowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Good work, tolip; that's a clean log