0

I have been working on cleaning up a friend's laptop for about a couple of weeks. I ran the HJT logs and posted to another site, but never received a reply. I ran Spybot, AVG8, Ad-Aware, Advanced SystemCare, ATF-Cleaner, Cyber Defender, Regseeker, vcleaner, Vundofix, Malwarebytes, FixO, and maybe a couple more programs, which have collectively found and removed at least a dozen malware items. The problem I have now is that I think either there are still insidious pests lurking on this system or I inadvertently altered some important XP files or settings. For the last couple of days I haven't been able to detect any malware, but for some reason when I boot up, the screen doesn't display any icons or the taskbar. The My Documents folder is the only thing that comes up after Windows boots up. Please advise.

Eset Scanner Log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3895 (20090227)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=84fba5e05ad0234bbd34a920287ac62e
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-02-28 08:05:06
# local_time=2009-02-28 02:05:06 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=193962
# found=6
# scan_time=4040
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm 1C87F64697B393385CA8A80583DBF674
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RSUPSru.zip Win32/Bagle.gen.zip worm C11EED265257B2BFA8D06860302B613D
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip Win32/Bagle.gen.zip worm 54BEA8391F22D59FEBE0C6A4F0694E23
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip Win32/Bagle.gen.zip worm 5D40D35F07F87430B5705B4112CFB941
C:\WINDOWS\system32\drivers\etc\hosts.20090218-144828.backup Win32/Qhost trojan B42A913C347CBAF4846ECC6C725405C9
C:\WINDOWS\system32\drivers\etc\hosts.20090218-154320.backup Win32/Qhost trojan 7F5A2B25290BBEAA94A6A44A8840FE3C


Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Database version: 1811
Windows 5.1.2600 Service Pack 2

2/28/2009 12:39:07 AM
mbam-log-2009-02-28 (00-39-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 123568
Time elapsed: 1 hour(s), 36 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Explorer1.exe (Trojan.Agent) -> Not selected for removal.
C:\userinit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HijackThis Logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:26 AM, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL wpcben.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8221 bytes

0

Hi and welcome to daniweb,
For the missing desktop icons be certain you don't have them hidden.
Do this:
Right click your desktop -> Select "Arrange Icons By"
Verify that the option to "Show Desktop Icons" is checked

Now for your infections, yes they are still there, I see at least one in the HJT log. I also see by the MBA-M log that you showed two but only removed one. The files found by the ESET scanner were backups made by Spybot of items removed. You can empty the quarantine of Spybot.
You should update MBA-M again, then run another full system scan with it, REMOVE ALL that is found.
Reboot.
Run HJT again and post back with both new logs.
I would also suggest that you uninstall any of the programs you used for these removal attempts except Spybot and MBA-M.
I don't know what FixO is, Vundofix is not used too often anymore as MBA-M does a good job of removing that infection. MBA-M also cleans out infected registry entries so other registry searching/cleaning programs are not necessary either. Plus you can get rid of the wrong files too and cause problems. AdAware isn't what it used to be, at least in my opinion, I would also uninstall that one too. I am also not real crazy about Cyber Defender either. It was previously listed as a Rogue Program, though it is off that list now, it just isn't "top of the line". I would remove that also.
Judy

0

Judy,
Thanks for your reply and I am very grateful for any advice you have.

I tried right-clicking the desktop, but nothing happens when I click on the desktop. I still don't have the icons or the taskbar/start menu.

I uninstalled the anti-malware programs as instructed.

HJT LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:37 PM, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKLM\..\RunOnce: [SpybotDeletingA3184] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5583] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL wpcben.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8189 bytes

MBA-M Log:
Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 2

2/28/2009 1:32:57 PM
mbam-log-2009-02-28 (13-32-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124623
Time elapsed: 1 hour(s), 25 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Tell you what, there has been a LOT more added to the Auto Starting programs since the last run of HJT.
When you emptied the Spybot Quarantine, did you reboot the computer?
If not, can you do so now and then run another HJT and post the log?
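The comparison made in the reply above (what changed in the auto-start entries between two HijackThis runs) can be done mechanically. This is an added example, not part of the original thread: it diffs two logs section by section, using short excerpts of the 4:00 AM and 1:44 PM logs posted above as sample input; the function names are illustrative.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like: "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def parse_hjt(text):
    """Return {section: set(entries)}; running processes are stored under 'PROC'."""
    sections = defaultdict(set)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            # Collapse runs of whitespace so copy/paste damage does not show as a change.
            sections[m.group(1)].add(" ".join(m.group(2).split()))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            if not line:
                in_procs = False
            else:
                # Windows paths are case-insensitive: Explorer.EXE == explorer.exe
                sections["PROC"].add(line.lower())
    return sections


def diff_hjt(old_text, new_text):
    """Return (added, removed), each a {section: sorted list of entries}."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    added, removed = {}, {}
    for sec in sorted(set(old) | set(new)):
        gained = sorted(new.get(sec, set()) - old.get(sec, set()))
        lost = sorted(old.get(sec, set()) - new.get(sec, set()))
        if gained:
            added[sec] = gained
        if lost:
            removed[sec] = lost
    return added, removed


# Sample input: excerpts of the logs posted in this thread (not the full logs).
LOG_0400 = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

LOG_1344 = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3184] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5583] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
"""

if __name__ == "__main__":
    added, removed = diff_hjt(LOG_0400, LOG_1344)
    for label, changes in (("ADDED", added), ("REMOVED", removed)):
        for section, entries in changes.items():
            for entry in entries:
                print(f"{label:8}{section:5}{entry}")
```

Entries that persist across both runs, such as the `O4 - Startup` shortcut, do not appear in the diff and still need to be reviewed in the log itself.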

0

New HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:55 PM, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKLM\..\RunOnce: [SpybotDeletingA3184] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5583] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - HKCU\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL wpcben.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8149 bytes

0

No, I didn't download and run combofix.

Ok, then let's give it a try:
Please do the following:

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the ComboFix on the desktop.

* Close all open windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Double-click the ComboFix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run.
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.

0

What is FixO? I can find no information for it whatsoever.

After googling my blank desktop and explorer.exe issue and reading similar problems and fixes on geekstogo and bleepingcomputers, I downloaded FixO: http://l3rady.com/wp-content/uploads/2008/09/fixo.zip

But honestly I don't know what it did other than not fix the problem.

0

Well, run ComboFix as instructed. I never found any information on FixO, but in checking out posts on geekstogo, the only ones I found mentioning that FixO program were over 4 years old. It is not a good idea to try to use a program noted from that long ago. I did also go to the website noted where the download would come from; it seems to be more of a blog than a website. It might be a good program, I just have never seen it.
The best advice is to stick with current or recent posts on various sites when you are looking for information, and don't download just any tool without checking it out.
It obviously did nothing for your computer, or probably TO your computer, so "no harm, no foul"; this is just something to remember for the future.

0

I tried to copy/paste the combofix.txt file twice, but it didn't work for some reason. I'm not sure what happened. So I included it below as an attachment.

Attachments
ComboFix 09-02-28.01 - HURK 2009-02-28 21:38:54.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.511.209 [GMT -6:00]
Running from: c:\documents and settings\HURK\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Common Files\icroso~1.net
c:\program files\Common Files\icroso~1.net\?icrosoft.NET\
c:\program files\Common Files\racle~1
c:\program files\Common Files\ymante~1
c:\program files\tsks~1
c:\program files\wnsxs~1
c:\windows\explorer.exe.tmp
c:\windows\fnts~1
c:\windows\sembly~1
c:\windows\sks~1
c:\windows\system32\_004709_.tmp.dll
c:\windows\system32\_004710_.tmp.dll
c:\windows\system32\_004711_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\_004720_.tmp.dll
c:\windows\system32\_004721_.tmp.dll
c:\windows\system32\_004722_.tmp.dll
c:\windows\system32\_004724_.tmp.dll
c:\windows\system32\_004725_.tmp.dll
c:\windows\system32\_004728_.tmp.dll
c:\windows\system32\_004729_.tmp.dll
c:\windows\system32\_004731_.tmp.dll
c:\windows\system32\_004732_.tmp.dll
c:\windows\system32\_004735_.tmp.dll
c:\windows\system32\_004738_.tmp.dll
c:\windows\system32\_004739_.tmp.dll
c:\windows\system32\_004743_.tmp.dll
c:\windows\system32\_004744_.tmp.dll
c:\windows\system32\_004746_.tmp.dll
c:\windows\system32\_004749_.tmp.dll
c:\windows\system32\_004751_.tmp.dll
c:\windows\system32\_004752_.tmp.dll
c:\windows\system32\_004753_.tmp.dll
c:\windows\system32\_004754_.tmp.dll
c:\windows\system32\_004755_.tmp.dll
c:\windows\system32\_004758_.tmp.dll
c:\windows\system32\_004759_.tmp.dll
c:\windows\system32\_004760_.tmp.dll
c:\windows\system32\_004761_.tmp.dll
c:\windows\system32\_004762_.tmp.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\JmUtCfhk.ini
c:\windows\system32\KmTsrBeg.ini
c:\windows\system32\mcroso~1
c:\windows\system32\rcoupocj.ini
C:\xcrashdump.dat

.
(((((((((((((((((((((((((   Files Created from 2009-02-01 to 2009-03-01  )))))))))))))))))))))))))))))))
.

2009-02-28 03:32 . 2008-10-16 14:06	268,648	--a------	c:\windows\system32\mucltui.dll
2009-02-28 03:32 . 2008-10-16 14:06	27,496	--a------	c:\windows\system32\mucltui.dll.mui
2009-02-28 03:28 . 2008-12-20 17:15	6,066,688	-----c---	c:\windows\system32\dllcache\ieframe.dll
2009-02-28 03:28 . 2007-04-17 03:32	2,455,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dat
2009-02-28 03:28 . 2007-03-07 23:10	991,232	-----c---	c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-28 03:28 . 2008-12-20 17:15	459,264	-----c---	c:\windows\system32\dllcache\msfeeds.dll
2009-02-28 03:28 . 2008-12-20 17:15	383,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dll
2009-02-28 03:28 . 2008-12-20 17:15	267,776	-----c---	c:\windows\system32\dllcache\iertutil.dll
2009-02-28 03:28 . 2008-12-20 17:15	63,488	-----c---	c:\windows\system32\dllcache\icardie.dll
2009-02-28 03:28 . 2008-12-20 17:15	52,224	-----c---	c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-28 03:28 . 2008-12-19 03:10	13,824	-----c---	c:\windows\system32\dllcache\ieudinit.exe
2009-02-28 00:55 . 2009-02-28 02:05	<DIR>	d--------	c:\program files\EsetOnlineScanner
2009-02-27 23:12 . 2009-02-27 23:12	<DIR>	d--------	c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-27 19:41 . 2004-08-10 05:00	4,190,352	--a------	c:\windows\system32\dllcache\luna.mst
2009-02-27 19:40 . 2005-09-09 19:53	2,067,968	--a------	c:\windows\system32\dllcache\cdosys.dll
2009-02-27 19:39 . 2009-01-16 21:35	3,594,752	-----c---	c:\windows\system32\dllcache\mshtml.dll
2009-02-27 19:38 . 2008-07-03 07:16	8,454,656	--a------	c:\windows\system32\dllcache\shell32.dll
2009-02-27 19:37 . 2008-08-14 04:00	2,180,352	--a------	c:\windows\system32\ntoskrnl.exe
2009-02-27 15:03 . 2009-02-27 18:53	<DIR>	d--------	C:\8f7f47fa79a1ca64c3066b6febb63558
2009-02-27 06:56 . 2008-04-13 18:12	483,840	--a------	c:\windows\system32\SET148.tmp
2009-02-27 06:56 . 2008-04-13 18:12	264,192	--a------	c:\windows\system32\SET15A.tmp
2009-02-27 06:56 . 2008-04-13 18:12	82,432	--a------	c:\windows\system32\SET157.tmp
2009-02-27 06:56 . 2008-04-13 18:12	80,896	--a------	c:\windows\system32\SET11DB.tmp
2009-02-27 06:56 . 2008-04-13 18:12	52,736	--a------	c:\windows\system32\SET149.tmp
2009-02-27 06:56 . 2008-04-13 18:12	22,528	--a------	c:\windows\system32\SET14D.tmp
2009-02-27 06:56 . 2008-04-13 18:12	19,968	--a------	c:\windows\system32\SET156.tmp
2009-02-27 06:56 . 2008-04-13 18:12	19,456	--a------	c:\windows\system32\SET14F.tmp
2009-02-27 06:56 . 2008-04-13 18:12	18,432	--a------	c:\windows\system32\SET14B.tmp
2009-02-27 06:56 . 2008-04-13 18:12	6,656	--a------	c:\windows\system32\SET11D6.tmp
2009-02-27 06:54 . 2008-04-13 18:12	8,461,312	--a------	c:\windows\system32\SET1E7.tmp
2009-02-27 06:53 . 2008-04-13 18:11	3,066,880	--a------	c:\windows\system32\SET2D3.tmp
2009-02-27 06:52 . 2006-10-14 02:13	981,760	--a------	c:\windows\system32\SET30A.tmp
2009-02-27 06:52 . 2008-04-13 18:11	512,000	--a------	c:\windows\system32\SET32C.tmp
2009-02-27 06:52 . 2008-04-13 18:11	299,520	--a------	c:\windows\system32\SET328.tmp
2009-02-27 06:52 . 2008-04-13 18:11	118,272	--a------	c:\windows\system32\SET30E.tmp
2009-02-27 06:52 . 2008-04-13 18:11	97,280	--a------	c:\windows\system32\SET31D.tmp
2009-02-27 06:52 . 2008-04-13 18:12	33,280	--a------	c:\windows\system32\SET326.tmp
2009-02-27 06:52 . 2008-04-13 18:11	18,944	--a------	c:\windows\system32\SET308.tmp
2009-02-27 06:52 . 2008-04-13 18:12	13,312	--a------	c:\windows\system32\SET316.tmp
2009-02-27 06:51 . 2008-04-13 18:11	331,264	--a------	c:\windows\system32\SET33F.tmp
2009-02-27 06:51 . 2008-04-13 18:11	251,904	--a------	c:\windows\system32\SET35A.tmp
2009-02-27 06:51 . 2008-04-13 18:11	183,808	--a------	c:\windows\system32\SET33B.tmp
2009-02-27 06:51 . 2008-04-13 18:11	110,080	--a------	c:\windows\system32\SET34F.tmp
2009-02-27 06:51 . 2008-04-13 18:11	94,720	--a------	c:\windows\system32\SET341.tmp
2009-02-27 06:51 . 2008-04-13 18:11	75,264	--a------	c:\windows\system32\SET34A.tmp
2009-02-27 06:51 . 2008-04-13 18:12	17,408	--a------	c:\windows\system32\SET343.tmp
2009-02-27 06:49 . 2008-04-13 18:11	1,689,088	--a------	c:\windows\system32\SET1255.tmp
2009-02-27 03:37 . 2009-02-28 21:41	235,038,752	--ahs----	c:\windows\system32\drivers\fidbox.dat
2009-02-27 03:37 . 2009-02-28 20:56	2,746,220	--ahs----	c:\windows\system32\drivers\fidbox.idx
2009-02-27 03:36 . 2009-02-27 11:47	<DIR>	d--------	c:\program files\Virus Removal Tool
2009-02-27 03:36 . 2008-07-08 13:54	148,496	--a------	c:\windows\system32\drivers\39915523.sys
2009-02-26 22:26 . 2004-08-10 04:13	73,728	--a--c---	c:\windows\system32\dllcache\ehresja.dll
2009-02-26 22:26 . 2004-08-10 04:13	69,632	--a--c---	c:\windows\system32\dllcache\ehresko.dll
2009-02-26 22:26 . 2004-08-10 04:13	69,632	--a--c---	c:\windows\system32\dllcache\ehresfr.dll
2009-02-26 22:26 . 2004-08-10 04:13	69,632	--a--c---	c:\windows\system32\dllcache\ehresde.dll
2009-02-26 22:24 . 2004-08-10 05:00	1,875,968	--a--c---	c:\windows\system32\dllcache\msir3jp.lex
2009-02-26 22:23 . 2004-08-10 05:00	13,463,552	--a------	c:\windows\system32\dllcache\hwxjpn.dll
2009-02-26 22:22 . 2004-08-10 05:00	1,677,824	--a--c---	c:\windows\system32\dllcache\chsbrkr.dll
2009-02-26 22:21 . 2004-08-10 05:00	364,544	--a------	c:\windows\system32\dllcache\npdsplay.dll
2009-02-26 22:21 . 2004-08-10 05:00	169,984	--a--c---	c:\windows\system32\dllcache\iisui.dll
2009-02-26 22:21 . 2004-08-10 05:00	94,720	--a--c---	c:\windows\system32\dllcache\certmap.ocx
2009-02-26 22:21 . 2004-08-10 05:00	19,968	--a--c---	c:\windows\system32\dllcache\inetsloc.dll
2009-02-26 22:21 . 2004-08-10 05:00	14,336	--a--c---	c:\windows\system32\dllcache\iisreset.exe
2009-02-26 22:21 . 2004-08-10 05:00	10,240	--a------	c:\windows\system32\dllcache\npwmsdrm.dll
2009-02-26 22:21 . 2004-08-10 05:00	7,680	--a--c---	c:\windows\system32\dllcache\inetmgr.exe
2009-02-26 22:21 . 2004-08-10 05:00	7,168	--a--c---	c:\windows\system32\dllcache\wamregps.dll
2009-02-26 22:21 . 2004-08-10 05:00	6,144	--a--c---	c:\windows\system32\dllcache\ftpsapi2.dll
2009-02-26 22:21 . 2004-08-10 05:00	5,632	--a--c---	c:\windows\system32\dllcache\iisrstap.dll
2009-02-26 22:21 . 2004-08-10 05:00	4,639	--a------	c:\windows\system32\dllcache\mplayer2.exe
2009-02-26 22:13 . 2009-02-26 22:13	749	-rah-----	c:\windows\WindowsShell.Manifest
2009-02-26 22:13 . 2009-02-26 22:13	749	-rah-----	c:\windows\system32\wuaucpl.cpl.manifest
2009-02-26 22:13 . 2009-02-26 22:13	749	-rah-----	c:\windows\system32\sapi.cpl.manifest
2009-02-26 22:13 . 2009-02-26 22:13	488	-rah-----	c:\windows\system32\logonui.exe.manifest
2009-02-26 22:12 . 2004-08-10 05:00	16,384	--a--c---	c:\windows\system32\dllcache\isignup.exe
2009-02-26 22:12 . 2009-02-26 22:12	749	-rah-----	c:\windows\system32\nwc.cpl.manifest
2009-02-26 22:12 . 2009-02-26 22:12	749	-rah-----	c:\windows\system32\ncpa.cpl.manifest
2009-02-26 21:02 . 2004-08-10 05:00	24,661	--a------	c:\windows\system32\spxcoins.dll
2009-02-26 21:02 . 2004-08-10 05:00	24,661	--a--c---	c:\windows\system32\dllcache\spxcoins.dll
2009-02-26 21:02 . 2004-08-10 05:00	13,312	--a------	c:\windows\system32\irclass.dll
2009-02-26 21:02 . 2004-08-10 05:00	13,312	--a--c---	c:\windows\system32\dllcache\irclass.dll
2009-02-26 14:45 . 2009-02-26 14:45	<DIR>	d--------	c:\windows\dell
2009-02-25 20:05 . 2009-02-27 23:00	<DIR>	d--------	c:\windows\system32\CatRoot_bak
2009-02-25 18:44 . 2009-02-25 20:10	90,327	--a------	c:\windows\setupapi.old
2009-02-25 13:45 . 2009-02-25 13:45	<DIR>	d--------	c:\program files\Trend Micro
2009-02-25 12:50 . 2009-02-25 12:50	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\IObit
2009-02-25 12:46 . 2009-02-25 12:46	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-24 16:19 .
0

You have a huge number of temp files on there, they should be removed.
Download and install CCleaner
Run the default scan, which is the first page that opens. Remove everything it finds.

Then UPDATE the Malwarebytes' Anti-Malware program. Run a full system scan and REMOVE everything found. Save the log.

Reboot and then run HiJackThis again, post both logs here.
It is going to take quite a while to go through your ComboFix log. I will post that information when I am finished reading the log.

0

I ran ccleaner and removed everything it found.

New HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:08 AM, on 3/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7470 bytes

New MBA-M log
Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 2

3/1/2009 10:06:46 AM
mbam-log-2009-03-01 (10-06-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 125192
Time elapsed: 1 hour(s), 17 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Ok, I would like you to delete ComboFix. Then download a new copy, as it updates often, and run it again. Post the new log here.

The new Combofix log is attached.

Attachments
ComboFix 09-02-28.01 - HURK 2009-03-01 14:17:48.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.511.179 [GMT -6:00]
Running from: c:\documents and settings\HURK\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2009-02-01 to 2009-03-01  )))))))))))))))))))))))))))))))
.

2009-03-01 00:33 . 2009-03-01 00:33	<DIR>	d--------	C:\Security
2009-03-01 00:27 . 2009-03-01 00:27	<DIR>	d--------	c:\program files\Microsoft Silverlight
2009-03-01 00:26 . 2009-03-01 00:26	<DIR>	d--------	c:\program files\Microsoft
2009-03-01 00:15 . 2006-11-13 00:02	288,768	---------	c:\windows\system32\rhttpaa.dll
2009-03-01 00:15 . 2006-11-13 00:02	116,736	---------	c:\windows\system32\aaclient.dll
2009-03-01 00:15 . 2006-11-13 00:02	36,352	---------	c:\windows\system32\tsgqec.dll
2009-02-28 03:32 . 2008-10-16 14:06	268,648	--a------	c:\windows\system32\mucltui.dll
2009-02-28 03:32 . 2008-10-16 14:06	27,496	--a------	c:\windows\system32\mucltui.dll.mui
2009-02-28 03:28 . 2008-12-20 17:15	6,066,688	-----c---	c:\windows\system32\dllcache\ieframe.dll
2009-02-28 03:28 . 2007-04-17 03:32	2,455,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dat
2009-02-28 03:28 . 2007-03-07 23:10	991,232	-----c---	c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-28 03:28 . 2008-12-20 17:15	459,264	-----c---	c:\windows\system32\dllcache\msfeeds.dll
2009-02-28 03:28 . 2008-12-20 17:15	383,488	-----c---	c:\windows\system32\dllcache\ieapfltr.dll
2009-02-28 03:28 . 2008-12-20 17:15	267,776	-----c---	c:\windows\system32\dllcache\iertutil.dll
2009-02-28 03:28 . 2008-12-20 17:15	63,488	-----c---	c:\windows\system32\dllcache\icardie.dll
2009-02-28 03:28 . 2008-12-20 17:15	52,224	-----c---	c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-28 03:28 . 2008-12-19 03:10	13,824	-----c---	c:\windows\system32\dllcache\ieudinit.exe
2009-02-28 00:55 . 2009-02-28 02:05	<DIR>	d--------	c:\program files\EsetOnlineScanner
2009-02-27 23:12 . 2009-02-27 23:12	<DIR>	d--------	c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-27 19:41 . 2004-08-10 05:00	4,190,352	--a------	c:\windows\system32\dllcache\luna.mst
2009-02-27 19:40 . 2005-09-09 19:53	2,067,968	--a------	c:\windows\system32\dllcache\cdosys.dll
2009-02-27 19:39 . 2009-01-16 21:35	3,594,752	-----c---	c:\windows\system32\dllcache\mshtml.dll
2009-02-27 19:38 . 2008-07-03 07:16	8,454,656	--a------	c:\windows\system32\dllcache\shell32.dll
2009-02-27 19:37 . 2008-08-14 04:00	2,180,352	--a------	c:\windows\system32\ntoskrnl.exe
2009-02-27 15:03 . 2009-02-27 18:53	<DIR>	d--------	C:\8f7f47fa79a1ca64c3066b6febb63558
2009-02-27 06:56 . 2008-04-13 18:12	483,840	--a------	c:\windows\system32\SET148.tmp
2009-02-27 06:56 . 2008-04-13 18:12	264,192	--a------	c:\windows\system32\SET15A.tmp
2009-02-27 06:56 . 2008-04-13 18:12	82,432	--a------	c:\windows\system32\SET157.tmp
2009-02-27 06:56 . 2008-04-13 18:12	80,896	--a------	c:\windows\system32\SET11DB.tmp
2009-02-27 06:56 . 2008-04-13 18:12	52,736	--a------	c:\windows\system32\SET149.tmp
2009-02-27 06:56 . 2008-04-13 18:12	22,528	--a------	c:\windows\system32\SET14D.tmp
2009-02-27 06:56 . 2008-04-13 18:12	19,968	--a------	c:\windows\system32\SET156.tmp
2009-02-27 06:56 . 2008-04-13 18:12	19,456	--a------	c:\windows\system32\SET14F.tmp
2009-02-27 06:56 . 2008-04-13 18:12	18,432	--a------	c:\windows\system32\SET14B.tmp
2009-02-27 06:56 . 2008-04-13 18:12	6,656	--a------	c:\windows\system32\SET11D6.tmp
2009-02-27 06:54 . 2008-04-13 18:12	8,461,312	--a------	c:\windows\system32\SET1E7.tmp
2009-02-27 06:53 . 2008-04-13 18:11	3,066,880	--a------	c:\windows\system32\SET2D3.tmp
2009-02-27 06:52 . 2006-10-14 02:13	981,760	--a------	c:\windows\system32\SET30A.tmp
2009-02-27 06:52 . 2008-04-13 18:11	512,000	--a------	c:\windows\system32\SET32C.tmp
2009-02-27 06:52 . 2008-04-13 18:11	299,520	--a------	c:\windows\system32\SET328.tmp
2009-02-27 06:52 . 2008-04-13 18:11	118,272	--a------	c:\windows\system32\SET30E.tmp
2009-02-27 06:52 . 2008-04-13 18:11	97,280	--a------	c:\windows\system32\SET31D.tmp
2009-02-27 06:52 . 2008-04-13 18:12	33,280	--a------	c:\windows\system32\SET326.tmp
2009-02-27 06:52 . 2008-04-13 18:11	18,944	--a------	c:\windows\system32\SET308.tmp
2009-02-27 06:52 . 2008-04-13 18:12	13,312	--a------	c:\windows\system32\SET316.tmp
2009-02-27 06:51 . 2008-04-13 18:11	331,264	--a------	c:\windows\system32\SET33F.tmp
2009-02-27 06:51 . 2008-04-13 18:11	251,904	--a------	c:\windows\system32\SET35A.tmp
2009-02-27 06:51 . 2008-04-13 18:11	183,808	--a------	c:\windows\system32\SET33B.tmp
2009-02-27 06:51 . 2008-04-13 18:11	110,080	--a------	c:\windows\system32\SET34F.tmp
2009-02-27 06:51 . 2008-04-13 18:11	94,720	--a------	c:\windows\system32\SET341.tmp
2009-02-27 06:51 . 2008-04-13 18:11	75,264	--a------	c:\windows\system32\SET34A.tmp
2009-02-27 06:51 . 2008-04-13 18:12	17,408	--a------	c:\windows\system32\SET343.tmp
2009-02-27 06:49 . 2008-04-13 18:11	1,689,088	--a------	c:\windows\system32\SET1255.tmp
2009-02-27 03:37 . 2009-03-01 14:20	252,438,560	--ahs----	c:\windows\system32\drivers\fidbox.dat
2009-02-27 03:37 . 2009-03-01 10:08	2,800,004	--ahs----	c:\windows\system32\drivers\fidbox.idx
2009-02-27 03:36 . 2009-02-27 11:47	<DIR>	d--------	c:\program files\Virus Removal Tool
2009-02-27 03:36 . 2008-07-08 13:54	148,496	--a------	c:\windows\system32\drivers\39915523.sys
2009-02-26 22:26 . 2004-08-10 04:13	73,728	--a--c---	c:\windows\system32\dllcache\ehresja.dll
2009-02-26 22:26 . 2004-08-10 04:13	69,632	--a--c---	c:\windows\system32\dllcache\ehresko.dll
2009-02-26 22:26 . 2004-08-10 04:13	69,632	--a--c---	c:\windows\system32\dllcache\ehresfr.dll
2009-02-26 22:26 . 2004-08-10 04:13	69,632	--a--c---	c:\windows\system32\dllcache\ehresde.dll
2009-02-26 22:24 . 2004-08-10 05:00	1,875,968	--a--c---	c:\windows\system32\dllcache\msir3jp.lex
2009-02-26 22:23 . 2004-08-10 05:00	13,463,552	--a------	c:\windows\system32\dllcache\hwxjpn.dll
2009-02-26 22:22 . 2004-08-10 05:00	1,677,824	--a--c---	c:\windows\system32\dllcache\chsbrkr.dll
2009-02-26 22:21 . 2004-08-10 05:00	364,544	--a------	c:\windows\system32\dllcache\npdsplay.dll
2009-02-26 22:21 . 2004-08-10 05:00	169,984	--a--c---	c:\windows\system32\dllcache\iisui.dll
2009-02-26 22:21 . 2004-08-10 05:00	94,720	--a--c---	c:\windows\system32\dllcache\certmap.ocx
2009-02-26 22:21 . 2004-08-10 05:00	19,968	--a--c---	c:\windows\system32\dllcache\inetsloc.dll
2009-02-26 22:21 . 2004-08-10 05:00	14,336	--a--c---	c:\windows\system32\dllcache\iisreset.exe
2009-02-26 22:21 . 2004-08-10 05:00	10,240	--a------	c:\windows\system32\dllcache\npwmsdrm.dll
2009-02-26 22:21 . 2004-08-10 05:00	7,680	--a--c---	c:\windows\system32\dllcache\inetmgr.exe
2009-02-26 22:21 . 2004-08-10 05:00	7,168	--a--c---	c:\windows\system32\dllcache\wamregps.dll
2009-02-26 22:21 . 2004-08-10 05:00	6,144	--a--c---	c:\windows\system32\dllcache\ftpsapi2.dll
2009-02-26 22:21 . 2004-08-10 05:00	5,632	--a--c---	c:\windows\system32\dllcache\iisrstap.dll
2009-02-26 22:21 . 2004-08-10 05:00	4,639	--a------	c:\windows\system32\dllcache\mplayer2.exe
2009-02-26 22:13 . 2009-02-26 22:13	749	-rah-----	c:\windows\WindowsShell.Manifest
2009-02-26 22:13 . 2009-02-26 22:13	749	-rah-----	c:\windows\system32\wuaucpl.cpl.manifest
2009-02-26 22:13 . 2009-02-26 22:13	749	-rah-----	c:\windows\system32\sapi.cpl.manifest
2009-02-26 22:13 . 2009-02-26 22:13	488	-rah-----	c:\windows\system32\logonui.exe.manifest
2009-02-26 22:12 . 2004-08-10 05:00	16,384	--a--c---	c:\windows\system32\dllcache\isignup.exe
2009-02-26 22:12 . 2009-02-26 22:12	749	-rah-----	c:\windows\system32\nwc.cpl.manifest
2009-02-26 22:12 . 2009-02-26 22:12	749	-rah-----	c:\windows\system32\ncpa.cpl.manifest
2009-02-26 21:02 . 2004-08-10 05:00	24,661	--a------	c:\windows\system32\spxcoins.dll
2009-02-26 21:02 . 2004-08-10 05:00	24,661	--a--c---	c:\windows\system32\dllcache\spxcoins.dll
2009-02-26 21:02 . 2004-08-10 05:00	13,312	--a------	c:\windows\system32\irclass.dll
2009-02-26 21:02 . 2004-08-10 05:00	13,312	--a--c---	c:\windows\system32\dllcache\irclass.dll
2009-02-26 14:45 . 2009-02-26 14:45	<DIR>	d--------	c:\windows\dell
2009-02-25 20:05 . 2009-02-27 23:00	<DIR>	d--------	c:\windows\system32\CatRoot_bak
2009-02-25 18:44 . 2009-02-25 20:10	90,327	--a------	c:\windows\setupapi.old
2009-02-25 13:45 . 2009-02-25 13:45	<DIR>	d--------	c:\program files\Trend Micro
2009-02-25 12:50 . 2009-02-25 12:50	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\IObit
2009-02-25 12:46 . 2009-02-25 12:46	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-24 16:19 . 2009-02-28 12:03	<DIR>	d--------	c:\documents and settings\LYNN CRUTCHER\Application Data\IObit
2009-02-24 16:16 . 2009-02-24 16:16	<DIR>	d--------	c:\documents and settings\LYNN CRUTCHER\Application Data\Malwarebytes
2009-02-24 12:56 . 2009-02-24 12:56	7,680	--ahs----	c:\windows\system32\Thumbs.db
2009-02-24 11:13 . 2009-02-24 11:13	<DIR>	d--------	c:\documents and settings\HURK\Application Data\IObit
2009-02-24 10:23 . 2009-02-24 10:23	<DIR>	d--------	c:\program files\regseeker
2009-02-24 00:16 . 2009-02-24 00:16	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-02-24 00:16 . 2009-02-24 00:16	<DIR>	d--------	c:\documents and settings\HURK\Application Data\Malwarebytes
2009-02-24 00:16 . 2009-02-24 00:16	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 00:16 . 2009-02-11 10:19	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 00:16 . 2009-02-11 10:19	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2009-02-21 21:39 . 2004-08-04 00:56	21,504	--a------	c:\windows\system32\drivers\hidserv.dll
2009-02-21 21:30 . 2009-02-27 00:59	<DIR>	d--------	c:\program files\Windows Media Connect 2
2009-02-21 21:20 . 2009-02-21 21:24	<DIR>	d--------	c:\windows\system32\drivers\UMDF
2009-02-21 20:05 . 2009-02-21 20:05	114	--a------	c:\documents and settings\Administrator\Appl
0

Updated HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:34 PM, on 3/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7469 bytes

0

Sorry for the delay.
Looking through your logs I see on March 1, 2009 you installed Microsoft Silverlight. You really shouldn't be installing NEW unnecessary items until the computer is declared clean.

I also see in the logs c:\program files\Virus Removal Tool installed on Feb. 27. Do you know what this tool is?

0

Sorry for the delay.
Looking through your logs I see on March 1, 2009 you installed Microsoft Silverlight. You really shouldn't be installing NEW unnecessary items until the computer is declared clean.

I also see in the logs c:\program files\Virus Removal Tool installed on Feb. 27. Do you know what this tool is?

That is the Kaspersky Virus Removal Tool. Should I uninstall it?

0

Run HJT again and put check marks next to the following entries
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe

Click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run another HJT scan and save the log and post it here.

Also another thought, is there more than one User account on this computer?

If desktop icons and taskbar are still missing, try this:
Press Control+Alt+Delete
Then start Task Manager
Click on Processes
Click File > New Task (Run...)
Type in explorer.exe
Then click OK

0

Yes, this computer has two admin logins and a guest login.

I tried Ctrl+Alt+Del > Task Manager > explorer.exe, but that only opened another My Documents folder.

Thought: To run these scans should I be booting up via the general tab in msconfig as Normal or Selective? Currently it is on Selective.

Also, should all startup options be selected?

0

New HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:19 AM, on 3/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1169351415\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234905804250
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234987969531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8235 bytes

0

Yes, this computer has two admin logins and a guest login.

Have you tried using all of the different accounts to see if all are affected by this no icon/no taskbar problem?

Thought: To run these scans should I be booting up via the general tab in msconfig as Normal or Selective? Currently it is on Selective.

Also, should all startup options be selected?

Running the various anti-malware scans wouldn't need all startup items re-enabled, but at least one run with HJT would help. That way you can see items which may be loading and causing problems, OR it can also show obvious infection programs that may try to load at startup.
Is this latest HJT log one with Normal Start up turned back on in msconfig?
The reason I ask is because in this latest log it shows Spybot TeaTimer in auto starts, it never showed before.
That should be turned off from within the Spybot program itself. This can interfere with any fixes attempted with HJT and also some other programs.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Go to the link below
http://www.kellys-korner-xp.com/xp_tweaks.htm
You might try #117 to correct the missing taskbar and icons.
Follow the directions at the top of that page
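
The comparison made in the reply above (TeaTimer shows up among the autostarts of the 3/4 log but not the 3/1 log) can be done mechanically by diffing two HijackThis logs. This is an added Python example, not part of the original posts; the sample lines are excerpted from the two logs in this thread, and the function names are illustrative.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (3/1/2009 and 3/4/2009).
LOG_MARCH_1 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
"""

LOG_MARCH_4 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
"""

# An entry line is a section code (R0, R1, O2, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^([RO]\d+) - (.+)$")


def parse_hjt(log):
    """Return {normalised key: (section code, entry text)} in log order."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header lines and running-process paths do not match
            code, text = m.group(1), " ".join(m.group(2).split())
            # Windows paths are case-insensitive, so compare case-folded text.
            entries[(code, text.casefold())] = (code, text)
    return entries


def diff_logs(old_log, new_log):
    """Entries present only in the new log, and entries only in the old one."""
    old, new = parse_hjt(old_log), parse_hjt(new_log)
    added = [v for k, v in new.items() if k not in old]
    removed = [v for k, v in old.items() if k not in new]
    return added, removed


def new_autostarts(old_log, new_log):
    """O4 (Run / RunOnce / Startup folder) entries that appeared since old_log."""
    added, _ = diff_logs(old_log, new_log)
    return [text for code, text in added if code == "O4"]


def missing_file_entries(log):
    """Entries HijackThis marked '(no file)': the registry value outlived its file."""
    return [t for _, t in parse_hjt(log).values() if t.endswith("(no file)")]


if __name__ == "__main__":
    added, removed = diff_logs(LOG_MARCH_1, LOG_MARCH_4)
    for code, text in added:
        print("+", code, "-", text)
    for code, text in removed:
        print("-", code, "-", text)
    print("new autostarts:", new_autostarts(LOG_MARCH_1, LOG_MARCH_4))
    print("no file:", missing_file_entries(LOG_MARCH_1))
```
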

0

Have you tried using all of the different accounts to see if all are affected by this no icon/no taskbar problem?

Yes I have. I get the same results from all logins.


Running the various anti-malware scans wouldn't need all startup items re-enabled, but at least one run with HJT would help. That way you can see items which may be loading and causing problems, OR it can also show obvious infection programs that may try to load at startup.
Is this latest HJT log one with Normal Start up turned back on in msconfig?
The reason I ask is because in this latest log it shows Spybot TeaTimer in auto starts, it never showed before.
That should be turned off from within the Spybot program itself. This can interfere with any fixes attempted with HJT and also some other programs.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Go to the link below
http://www.kellys-korner-xp.com/xp_tweaks.htm
You might try #117 to correct the missing taskbar and icons.
Follow the directions at the top of that page

The latest HJT log is from the normal startup option in msconfig.
I unchecked TeaTimer in Spybot as requested.
The kellys-korner tweak updated the registry, but it didn't correct the problem.

0

Jholland1964,
I would like to thank you for your help and advice. Unfortunately, as time has become an increasing priority I decided to use the Dell PC Restore to return everything back to how it was on day 1. Thanks again.
