Posts by jholland1964

No, there are just some online scans that don't work for everyone.
Try one of these, all don't give the option to remove but do produce a log.

http://support.f-secure.com/enu/home/ols.shtml

http://www.pandasoftware.com/products/activescan.htm

http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

What you are dealing with can and is very dangerous. Both of these files are from ONE trojan...so far. Unless you get this cleaned up there most likely will be many more.

Here are links below where I found the info I have posted below the links.
http://www.threatexpert.com/report.aspx?md5=d0d1de13d27d01c318d4fe488ae03846

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_ZAPCHAST.C

http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Zapchast.H&threatid=75596

Trojan.Zapchast
This one is considered High Risk.
High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Trojan.Zapchast puts a copy of itself in the registry as a Window's runkey so that is it activated when Windows starts. When active, this trojan will execute another trojan, Trojan.Pakes, which downloads other malware.

Creates an executable file in the fake Recycle Bin folder with the purpose of concealing its presence in the system.
Creates fake Recycle Bin folder.
Must be removed

Looks to me like the computer is clean.
Now I will try to answer your original questions as best as possible.
I am going to advise that you Uninstall the following programs:
CA Yahoo! Anti-Spy
McAfee Site Advisor
ParetoLogic Anti-Spyware
PC Pitstop Optimize2 2.0
PC-Doctor for Windows
Windows Defender
WinPatrol 2008
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

Those computer security programs listed above, while pretty decent programs are unneeded and probably too much for your computer since it is a used computer.
Keep the MBA-M program and update and do a quick scan with it at least weekly. Keep the antivirus program you have.
Add SpywareBlaster for superb protection. It is FREE, it DOES NOT run in the background and keeps you well protected. Download, Install, Update and Enable All Protection and then CLOSE the PROGRAM. That's it. Just manually check for updates weekly, sometimes it will have some and sometimes not. When it does be sure to Enable All Protection again and close the program.

The basic advice is this you CANNOT just Delete. These programs have to actually be UNINSTALLED using Add/Remove. If you just delete it doesn't remove the program it just deletes it from the list, but the program remains.
As for the online scans, there is no need to do these all the time and what works for some won't work for others, so pick …

Ok, looks like the computer is clean. You came here because your computer was running slow and wondered if you began in the right place, yes you did. The right thing to do first is be sure the computer is clean and now it appears by your logs that it is.

That said, first thing I have to say is you really cannot assume because another computer on your connection is very fast that all computers on that hook up will be fast, because they won't be, UNLESS they are absolutely IDENTICAL computers..with all hardware identical, all software identical and all set to run exactly the same way, all security programs identical, all internet surfing and program use is identical, exactly same hours online identical. Occasionally this will be the case, if both are purchased together and set up that way, but most of the time this just won't be the case. Identical twins have some differences even if they cannot be seen.
Now let's see if we can speed this up. You have all ready discovered there were some problems with the router, that would have been my next suggestion for checking, and you have done that and things have improved some. So on to the next thing;
I mentioned the McAfee Site Advisor as a possibility of slow downs, yes it could even slow your downloads. This program is really unnecessary because both IE and also Firefox browsers check sites for you today. So I …

Your Home Page does show in the log, it is the R0 listing.
R1 is for Internet Explorers Search functions and other characteristics. Many were probably on the computer when you got it. They take up NO room on the computer. They essentially are just listings. As I said, we can remove those later. They are not any problem on the computer and take up no room. We can do nothing about those until you complete the steps given.
Please run the MBA-M program as directed, let it REMOVE what it finds and save the log. Reboot the computer.
Run HJT again and save the log. Post back here with both logs and we will move forward from there.

Check the Windows power management settings (go to the Windows desktop, right-click and choose properties) and check that you're not getting the power management kicking in and switching off the monitor.
If you cannot do anything then what do you do, manually shut down or what? Is this a laptop or desktop computer? How long has this been happening? How long does the computer operate before this happens? Does this happen while you are using it or is it sitting idle?

I really see nothing in your HJT log that indicates infection. Though your MBA-M did find Vundo Trojan and removed it.
I would advise that you also run ESET Online Scanner.
* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

No, you are in the right forum if you want your log read, I will do that, just needed answers to those questions.

Well as you can see both MBA-M and combofix did remove "some" infections but certainly not all. The computer is "grossly" infected and there are more coming on daily.
One may have been added just yesterday. If you note in the combofix log there is a Scheduled Task added yesterday, Ad-AwareAdmin.exe. DID you add that yourself?
And if you did why did you add a new program in the middle of a fix?
If you didn't then this could be a sign of a new infection.
I have given this a lot of thought since my post to you less than an hour ago, you may be better off reformatting and reloading. The reason being, the computer has so many infections on it that key files may have been damaged and even if the infections are removed the computer may not work the way it once did.
I will let you choose. If you wish to go on then I will try to help you get the computer clean, but I cannot guarantee this will work, but I am willing to try.
Let me know.
Judy

As you can imagine this is going to take while to go through this whole log. Have to look at each entry.
Two things I note, other than the notations about the infected files,
are this C:\A Day To Remember - If It Means A Lot To You.mp3
This file came onto the computer on 2/27/2009. Looks to me like all the rest of this junk began arriving the next day.
Another thing I noted is that you have an odd task in your Task Scheduler;
2009-03-05 c:\windows\Tasks\At1.job
- c:\windows\system32\lzaapgm.dll
See if you can get that out of there. It shouldn't be there.
Also see that AdAware has been added as a Scheduled task..take that one out too.
I will get back with you on the rest of the log.
AFTER you do those things above Update MBA-M and run a Full System scan with it. Have it REMOVE all found. Save the log.
Reboot and post back with the MBA-M log

Are you on dial up? I see you are running Avira antivirus which is good and you are also running McAfee Site Advisor. Good program basically but it does come with some slow down issues as it has to retrieve information about every webpage you access, or every link in the search results on your Google, MSN, AOL searches. If you have a fast PC and a very fast Internet connection, 4Mbits or faster, then it won't be too noticeable. But if you connection is normally a slow this will slow surfing more. if your PC is not fast enough and/or your broadband connection is also not fast enough, or you are on a dialup connection, then Site Advisor could be the cause. You might try disabling it and see if it makes a difference.

Have you updated it? It has updates DAILY sometimes several times a day. I want you to update it and then run a Full Scan with it.

Please run the Housecall online virus scan located at:
http://housecall.trendmicro.com/housecall/start_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. I don't believe Trend Micro produces a log, if it does of course save it. If not please make note of the names and locations of anything found
When the scan is finished, please restart your computer.

Update MBA-M. Run another Full System scan with it and of course have it REMOVE EVERYTHING found.
Reboot.
Run another HJT scan, save the log and post back here with the MBA-M log, and HJT log.

The R1 listings you refer to in the HJT log are NOT programs, they are essentially a list of the Internet Explorer Start Page...the home page.
They can all be removed if you wish but you will lose the home page you have chosen. They aren't taking up room but they can be fixed later. They are not important and are NOT signs of infection or any cause of a slow down of the computer.
I don't know what Windows Live Care will do, I have never used it so I cannot advise on that.
The items it says it found are trojans, they are NOT viruses so that is probably why they were not found by ESET. Different programs find different things, not unusual at all. This is why it is always recommended when you suspect infection that several programs be run.
Generally here we recommend that you begin with one program and that is Malwarebytes' Anti-Malware (MBA-M)
Follow these instructions exactly:

download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results …

Please Download ATF-Cleaner.exe by Atribune Save it to the desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
REBOOT the computer.

Please Run the ESET Online Scanner and attach the …

Go to http://virusscan.jotti.org/
Upload these two files there for scanning and see what they show

d:\windows\system32\fxjjtlhq.dll

d:\windows\system32\arwehdx.dll

Just run combofix and don't worry about it.

It will take awhile to read this log, as you can well imagine. Will get back with you ASAP.
Judy

I would suggest for now you turn off that DEP control for combofix for sure so when the box opens then you tell it to turn off for combofix.
You will have to disable AVG from starting at all, probably via msconfig.
You can disconnect from the internet if you want, since your protection programs have to be off. It doesn't matter though, it's up to you.

Hi Community.

Can anyone tell me how to remove REG/Zapchast.H and BAT/Zapchast.CE viruses?

Thanks,

scripted

Nobody can give any info until WE have info...operating system, av program, firewall, anti-malware programs and, most important, how do you know you have these on the computer?

I honestly don't see much in that Uninstall list that requires removal. I see no games in there at all. Are you certain there are games on there?
You can uninstall Win Patrol if it is annoying to you, that is what I did finally. But it is an ok program
You can uninstall these;
This one because you said you have a Brothers printer so these wouldn't be needed>HP Deskjet printer preloaded drivers
CA Yahoo! Anti-Spy (remove only)
ParetoLogic Anti-Spyware
Though it doesn't show in the Uninstall list this IS showing in the HJT log start up;
C:\Program Files\iolo\System Mechanic Professional 6\
Now you mentioned both AdAware and Spybot...neither of these show on that Uninstall list, are you certain they are installed on the computer? Neither of them show in the HJT log.

Well we tried our darndest, that is all we can do. Hope things are going well now.
Judy

1. Click Start
2. Select Control Panel
3. Select System
4. Click the Advanced tab
5. In the Performance region select Settings
6. Click the Data Execute tab in the dialog box that opens
7. Select Turn on DEP for all programs and services except for those I select
8. Click Add.
9. The open dialog box will open. Browse and select your application.
10. Click Open
11. Click Apply
12. Click Ok
13. Reboot

To turn off AVG do the following: Right click on the AVG icon in System Tray and hit Exit.

Hi jholland,
Alright, done!

When I try to cut and paste the Combofix log on this quick reply thread, the screen will freeze and the page stops responding. Is it possible that due to the long length of the log, it gives me this trouble?
How can I send you the log?

Algis

Yes, it is possible because of the length, others have had this problem. Attach the log as a .txt file.
Look below the reply box when you are replying and you will see the button that says Manage Attachments.
Click that button and then a box will pop up which has a button which says Browse. Click that button and you will be given the options of where on your computer the attachment will come from.
Click that file, the name and location will appear in the box then click the Upload button. The file will be uploaded from your computer and attached to your post.
Judy

Run HJT again and put a check mark next to this entry;
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\makehm.exe,

Then click the Fix Checked button. Exit HJT and reboot.
Then do the following:
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a …

Ok, just be calm. We are going to try to get this cleaned up.
It would be easier for people here to read if you would run the Uninstall Manager in HiJackThis. It will produce a list and you will need to copy/paste that list, exactly as it shows into this thread.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
click on the Save list... button and specify where you would like to save this file, save it to the desktop. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply
After I go through this list I will tell you what you can UNINSTALL. You never just Delete Programs. If you do that files will be left behind.
If you don't use any of the games YES you can safely UNINSTALL them. If you want to wait so I can go through the list that is fine.
Post the list and I will go through it ASAP and post back with what you can safely uninstall.
If you would carefully make a list of questions, and list them in list style, what I mean is like this:

And how, please, do I set a …

1st of all, Disable Spybot's TeaTimer, it will interfere with fixes done.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

2. HiJackThis shouldn't be run in Safe Mode, unless this is the only way you can run it.
Run it in Normal Mode and place check marks next to the following entries:

O2 - BHO: (no name) - {5406eba0-b0c3-4979-a397-b499ff6c86a4} - C:\WINDOWS\system32\awtUkIby.dll (file missing)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [jrfnycxb.exe] C:\WINDOWS\jrfnycxb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zzjpuuvc.exe] C:\WINDOWS\zzjpuuvc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrfngdek.exe] C:\WINDOWS\jrfngdek.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zzjwleqc.exe] C:\WINDOWS\zzjwleqc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fpraccqn.exe] C:\WINDOWS\fpraccqn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrfnbthh.exe] C:\WINDOWS\jrfnbthh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bndakuiy.exe] C:\WINDOWS\bndakuiy.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fpruryzg.exe] C:\WINDOWS\fpruryzg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bnwgwjpg.exe] C:\WINDOWS\bnwgwjpg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fpnjewfn.exe] C:\WINDOWS\fpnjewfn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tjbmimnx.exe] C:\WINDOWS\tjbmimnx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tjbtazdn.exe] C:\WINDOWS\tjbtazdn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrcnrtes.exe] C:\WINDOWS\jrcnrtes.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [vxserapq.exe] C:\WINDOWS\vxserapq.exe (User 'SYSTEM')
O4 - …

Fantastic!

Please do the following;
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually …

What do I need to do to find out if it came from my home computer or one of my USB drives?

There are definitely some infections which can be transferred via USB drives. Now if you transferred files via email from the home computer or from the home computer via a USB device there is a good chance the home computer is infected, and if you used a USB device then it would also be infected.
I would check out both. Beginning with the home computer...
Of course scan with your onboard AV program, update it and then maybe consider running a scan in Safe Mode.
Remove all that is found.
Also in NORMAL mode, download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs …

Try running System File Checker:
To run the System File Checker, follow these steps:

1. Click Start, click Run type sfc /scannow, and then press ENTER.
2. Follow the prompts throughout the System File Checker process.
3. Restart the computer when System File Checker process is complete.

This file is an integral part of Internet Explorer. Try a repair of IE by going to Start, Control Panel, Add/Remove. Click on Internet Explorer and try a Repair.

Did you in fact reboot?
If not do so now. Please update MBA-M and run another Fulls System Scan. Remove all that is found.
Reboot. Post back with the results.

Note: When I ran Malwarebyte's Antimalware and removed the selected infected items, I got a notice saying that a few items were not able to be removed.

Those would be those noted "Delete on Reboot". Reason then can't be removed immediately is the files are in use.
This means you must reboot the computer in order for these to be removed. When the computer is rebooted MBA-M can then reboot them BEFORE they are put into use again
I always recommend a reboot after running MBA-M and also the ESET scanner just as a matter of course.
So reboot the computer now if you have not done so yet. Otherwise these won't be removed.
Can you download and run HiJackThis and give me both the Full System Scan log and also the Uninstall List.

Start Up, Control Panel, Administrative Services. You will find it in there.

Have things improved?

Have you checked Event Viewer for noted items around the time of these crashes?

Yes, this computer has two admin logins and a guest login.

Have you tried using all of the different accounts to see if all are affected by this no icon/no taskbar problem?

Thought: To run these scans should I be booting up via the general tab in msconfig as Normal or Selective? Currently it is on Selective.

Also, Should all startup options be selected?

Running the various anti-malware scans wouldn't need all start up items re-enabled, but at least one run with HJT would help, that way you can see items which maybe loading causing problems OR can also show obvious infection programs that may try to load at start up.
Is this latest HJT log one with Normal Start up turned back on in msconfig?
The reason I ask is because in this latest log it shows Spybot TeaTimer in auto starts, it never showed before.
That should be turned off from within the Spybot program itself. This can interfere with any fixes attempted with HJT and also some other programs.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Go to the link below
http://www.kellys-korner-xp.com/xp_tweaks.htm

Let me do some checking and I will get back with you on this.

There are several ways to do this...What disks do you have that actually came with the computer?
Who is the manufacturer or your computer?

Flash drives CAN become infected, definitely, especially today. There IS a chance that this has happened to yours too. Some malware is now out there created for that specific reason, to more easily spread from computer to computer. But all is not lost your flash disk can be scanned for infections before any files are uploaded to the clean computer and I can give you links on how to do that. If the programs you put on the flash drives are ones you downloaded, you may seriously consider just downloading them again from the internet. Music might be "iffy" too. Not certain about the personal pictures, though there are a lot of ways to save those.
I am getting ahead of myself here...
List the disks that actually came with the comptuer and it's make and model. I can get you some links to follow.
Reformatting is not difficult, as long as you have all the correct disks. I have done it a number of times, it just takes a few hours to reformat and reload. Time consuming part is doing the updating, which you have probably done over a period of months or years, depending on the age of the computer, because you will have to bring it up to "today". I will be happy to help in any way …

Run HJT again and put check marks next to the following entries
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKCU\..\RunOnce: [SpybotDeletingB8814] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9560] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - Startup: is-NFTC7.lnk = C:\Program Files\Virus Removal Tool\is-NFTC7\startup.exe

Click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run another HJT scan and save the log and post it here.

Also another thought, is there more than one User account on this computer?

If desktop icons and taskbar are still missing try this;
press control+alt+delete
then start task manager
click on processes
click file>new task(run...)
type in explorer.exe
then click ok

I doubled clicked Recycle Bin and still get the error message.

What is the full error message you get? Have you checked Event Viewer for noted items around the time of these crashes? It should tell you quite possibly what is actually causing these crashes. I would need the full info on any of the noted items.

Yes, go ahead and Uninstall it.

Can you tell me where in MY post did I mention the Microsoft AutoPlay Repair Wizard? I never said a thing about it. I was not commenting in any way shape or form about the Microsoft AutoPlay Repair Wizard. I was speaking solely about combofix. I quoted the original poster and our Moderator Crunchie, you were not quoted, I was not speaking about anything that you wrote.

What did spybot find?

Sorry for the delay.
Looking through your logs I see on March 1, 2009 you installed Microsoft Silverlight, you really shouldn't be installing NEW unnecessary items until the computer is declared clean.

I also see in the logs c:\program files\Virus Removal Tool installed on Feb. 27. Do you know what this tool is?

Ok. Just wondered as I seldom see so few auto starts unless the scan is run in safe mode...:)
Really don't see much out of the ordinary in the log other than the small number of auto starts. Is there a reason you have never updated your browser to IE7?
How much RAM do you have on the system?
You say you ran Spybot, did it find anything and if so, what?

Do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Run a new scan with HJT after the reboot and save the log.
Post back here with both of those logs.

First of all, next time you post logs from Notepad please be certain that Wordwrap is OFF.
Now, do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer

Once the computer is rebooted please run a new scan with HJT and save the log.
Post back here with the MBA-M log and the new HJT log.
Judy

Sorry, but you evidently are referring to another thread on this forum since you have titled this Re: Rundll32 file not found!! Can you provide more information than this please? We need to know when this happened and how you know this. Just because your computer exhibits the same symptoms noted in another thread does not mean you have the same problem. We see the logs you have posted but don't know for certain exactly WHY you ran the scans to begin with.

I really hate to be the bearer of bad news, but this virus is so destructive to key files on the computer that most of the time, general advice is to reformat the computer. This advice seems to be given even if the antivirus programs run can remove the virus, they cannot repair the key system files damaged by the infection so therefore one cannot really even assume the infection is removed.
Sorry