Author Topic: confused and out of steam  (Read 193664 times)


Offline sasysusie

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 371
Re: confused and out of steam
« Reply #15 on: November 02, 2007, 10:45:43 PM »
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/eng/solitaire_2_0_0_28.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_75.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167880678454
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_29.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebbxyy - gebbxyy.dll (file missing)
O20 - Winlogon Notify: iiffecy - iiffecy.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Program Files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12234 bytes

Offline sasysusie

Re: confused and out of steam
« Reply #16 on: November 02, 2007, 10:47:01 PM »
And BTW... I've not had one pop up alllllll day!!!!!!! Yippie! ;D

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: confused and out of steam
« Reply #17 on: November 02, 2007, 10:55:20 PM »
But alas, they are still there.

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

O2 - BHO: {b07dc602-3717-03ca-a334-514623705b2b} - {b2b50732-6415-433a-ac30-7173206cd70b} - C:\WINDOWS\system32\eleapuna.dll
O2 - BHO: 0 - {CD4C273E-98E3-48FB-A3AF-606E909668BE} - C:\Program Files\MSN\ladu.dll (file missing)
O4 - HKLM\..\Run: [d43d865d] rundll32.exe "C:\WINDOWS\system32\angowvrm.dll",b
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\PPPATC~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Pkzo] "C:\Program Files\?icrosoft\d?dplay.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lodsrngl.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinpmdq.exe
O20 - Winlogon Notify: gebbxyy - gebbxyy.dll (file missing)
O20 - Winlogon Notify: iiffecy - iiffecy.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.

THEN

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.
[Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.]

Offline sasysusie

Re: confused and out of steam
« Reply #18 on: November 03, 2007, 02:21:45 AM »
Yikes, I encountered a problem with the combo fix. I ran the combo fix and when it was done it rebooted my computer, and on the reboot it was working on the combo fix log... The problem was it stated not to run any programs until the log was finished, but upon the restart I have programs that automatically run... The whole thing stalled out at that point and never gave me a log, and never changed from a blue screen, so I manually had to reboot. Upon rebooting I did another hijack and have the log from that I can give you, but unfortunately I do not have the one from the combofix since I never got it :(  But here is the hijack log. It will come in 2 parts; it exceeds the maximum allowed length!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14, on 2007-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\keyexp\KEYEXP.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


Offline sasysusie

Re: confused and out of steam
« Reply #19 on: November 03, 2007, 02:22:57 AM »
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158686903\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: Keyboard Express 2000.lnk = C:\Program Files\keyexp\KEYEXP.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/eng/solitaire_2_0_0_28.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_75.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_33.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167880678454
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.33/g_bin/eng/mahjong_2_0_0_29.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Program Files\InterMute\SpySubtract\CWShredder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11435 bytes

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: confused and out of steam
« Reply #20 on: November 03, 2007, 03:07:21 AM »
Have a look for the log; it may have been created. Look for c:\combofix.txt or c:\combofix\combofix.txt

Any new or old problems resurface?

Offline sasysusie

Re: confused and out of steam
« Reply #21 on: November 03, 2007, 03:46:04 AM »
Yesss, I found it... good thinking! And no, I have not had even one pop up all day. Is that a good sign? How did the new hijack report look? OK, here is the combofix log. I'll send it in one if I can; otherwise I will send it in 2 as I have all the other reports!! You have been so helpful, I can't thank you enough!!
Susie
ComboFix 07-11-01.1 - HP_Owner 2007-11-02 15:34:49.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.115 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\HP_Owner\err.log
C:\Program Files\Common Files\{343D8~1
C:\Program Files\Common Files\{D43D8~1
C:\Program Files\icroso~1
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\poolsv
C:\Program Files\pppatc~1
C:\Program Files\pppatc~1\?ppPatch\
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Temp\fCOe
C:\WA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\angowvrm.dll
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\cusokkfl.dll
C:\WINDOWS\system32\eleapuna.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\lfkkosuc.ini
C:\WINDOWS\system32\mrvwogna.ini
C:\WINDOWS\system32\oTt02e
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y2
C:\WINDOWS\system32\zxdnt3d.cfg
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN


(((((((((((((((((((((((((   Files Created from 2007-10-02 to 2007-11-02  )))))))))))))))))))))))))))))))
.

2007-11-02 15:33   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-11-02 11:00   <DIR>   d--------   C:\Program Files\Trend Micro
2007-11-01 22:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-01 22:39   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-11-01 22:39   <DIR>   d--------   C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2007-11-01 22:36   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 12:13   <DIR>   d--------   C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-10-22 07:01   <DIR>   d--------   C:\Temp
2007-10-19 18:28   <DIR>   d--------   C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-10-19 18:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-19 18:26   <DIR>   d--------   C:\Program Files\Yahoo!

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 18:31   ---------   d-----w   C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
2007-11-02 12:31   3,645   ----a-w   C:\WINDOWS\viassary-hp.reg
2007-10-23 05:00   ---------   d-----w   C:\Program Files\Enigma Software Group
2007-10-22 14:10   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2007-09-25 02:44   ---------   d-----w   C:\Program Files\America Online 9.0
2007-09-13 06:16   ---------   d-----w   C:\Program Files\Panicware
2007-09-06 10:05   94,416   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05   92,848   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-03 04:17   ---------   d-----w   C:\Program Files\Ganymede
2007-09-03 04:17   ---------   d-----w   C:\Documents and Settings\HP_Owner\Application Data\GanymedeNet
2007-09-02 18:20   ---------   d-----w   C:\Program Files\Case's Ladder
2007-09-02 18:17   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-09-02 18:15   ---------   d-----w   C:\Program Files\PC-Doctor for Windows
2007-09-02 18:04   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Avg7
2007-06-22 20:05   562   ----a-w   C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2004-08-04 18:00:00   94,784   --sh--w   C:\WINDOWS\twain.dll
2004-08-04 18:00:00   50,688   --sh--w   C:\WINDOWS\twain_32.dll
2004-08-04 18:00:00   1,028,096   --sha-w   C:\WINDOWS\system32\mfc42.dll
2004-08-04 18:00:00   54,784   --sha-w   C:\WINDOWS\system32\msvcirt.dll
2004-08-04 18:00:00   413,696   --sha-w   C:\WINDOWS\system32\msvcp60.dll
2004-08-04 18:00:00   343,040   --sha-w   C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28:05   549,376   --sha-w   C:\WINDOWS\system32\oleaut32.dll
2004-08-04 18:00:00   83,456   --sha-w   C:\WINDOWS\system32\olepro32.dll
2004-08-04 18:00:00   11,776   --sha-w   C:\WINDOWS\system32\regsvr32.exe

Offline oldman

Re: confused and out of steam
« Reply #22 on: November 03, 2007, 03:55:11 AM »
The lack of popups is a good thing, but there is still more to do. Is there more of the combofix log? It should end with E of F.

It may take me a while for the next step, bear with me.

On second thought, try to run combofix again; it may have gotten interrupted while writing the log.

Offline sasysusie

Re: confused and out of steam
« Reply #23 on: November 03, 2007, 04:14:58 AM »
OK, let's see if this looks right... let me know. I bet this will have to come in 2 parts.

ComboFix 07-11-01.1 - HP_Owner 2007-11-02 20:03:27.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\HP_Owner\err.log
C:\Program Files\Common Files\{343D8~1
C:\Program Files\Common Files\{D43D8~1
C:\Program Files\icroso~1
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\poolsv
C:\Program Files\pppatc~1
C:\Program Files\pppatc~1\?ppPatch\
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Temp\fCOe
C:\WA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\angowvrm.dll
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\cusokkfl.dll
C:\WINDOWS\system32\eleapuna.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\lfkkosuc.ini
C:\WINDOWS\system32\mrvwogna.ini
C:\WINDOWS\system32\oTt02e
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y2
C:\WINDOWS\system32\zxdnt3d.cfg
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN




(((((((((((((((((((((((((   Files Created from 2007-10-03 to 2007-11-03  )))))))))))))))))))))))))))))))
.

2007-11-02 15:33   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-11-02 11:00   <DIR>   d--------   C:\Program Files\Trend Micro
2007-11-01 22:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-01 22:39   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-11-01 22:39   <DIR>   d--------   C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2007-11-01 22:36   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 12:13   <DIR>   d--------   C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-10-22 07:01   <DIR>   d--------   C:\Temp
2007-10-19 18:28   <DIR>   d--------   C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-10-19 18:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-19 18:26   <DIR>   d--------   C:\Program Files\Yahoo!

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 01:13   3,645   ----a-w   C:\WINDOWS\viassary-hp.reg
2007-11-02 18:31   ---------   d-----w   C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
2007-10-23 05:00   ---------   d-----w   C:\Program Files\Enigma Software Group
2007-10-22 14:10   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2007-09-25 02:44   ---------   d-----w   C:\Program Files\America Online 9.0
2007-09-13 06:16   ---------   d-----w   C:\Program Files\Panicware
2007-09-06 10:05   94,416   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05   92,848   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-03 04:17   ---------   d-----w   C:\Program Files\Ganymede
2007-09-03 04:17   ---------   d-----w   C:\Documents and Settings\HP_Owner\Application Data\GanymedeNet
2007-06-22 20:05   562   ----a-w   C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2004-08-04 18:00:00   94,784   --sh--w   C:\WINDOWS\twain.dll
2004-08-04 18:00:00   50,688   --sh--w   C:\WINDOWS\twain_32.dll
2004-08-04 18:00:00   1,028,096   --sha-w   C:\WINDOWS\system32\mfc42.dll
2004-08-04 18:00:00   54,784   --sha-w   C:\WINDOWS\system32\msvcirt.dll
2004-08-04 18:00:00   413,696   --sha-w   C:\WINDOWS\system32\msvcp60.dll
2004-08-04 18:00:00   343,040   --sha-w   C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28:05   549,376   --sha-w   C:\WINDOWS\system32\oleaut32.dll
2004-08-04 18:00:00   83,456   --sha-w   C:\WINDOWS\system32\olepro32.dll
2004-08-04 18:00:00   11,776   --sha-w   C:\WINDOWS\system32\regsvr32.exe
.


Offline sasysusie

Re: confused and out of steam
« Reply #24 on: November 03, 2007, 04:15:27 AM »
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 15:59]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 17:06 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-15 10:09]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 20:47 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 21:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 16:42]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-24 16:09]
"HostManager"="C:\Program Files\Common Files\AOL\1158686903\ee\AOLSoftware.exe" [2006-09-25 17:52]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-01-06 10:57]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 18:53]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe" [2005-02-15 10:25]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Keyboard Express 2000.lnk - C:\Program Files\keyexp\KEYEXP.EXE [2006-06-02 07:35:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2006-03-17 20:00:32]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-30 17:26:44]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-02-15 10:23:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 21:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-03 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 20:06:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-02 20:07:26
.
   --- E O F ---

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: confused and out of steam
« Reply #25 on: November 03, 2007, 04:28:19 AM »
Okay, it's all there. What is your D: drive? You had Norton AV installed previously, do you remember which version and how did you remove it? With the Norton Removal Tool?

Offline oldman

Re: confused and out of steam
« Reply #26 on: November 03, 2007, 05:56:31 AM »
Okay, I've read this thing until I went crosseyed. It looks pretty good to me.

Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point

Remove old restore points

Disk Cleanup - Launch the Disk Cleanup tool and then select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

I may have a bit more for you later, so check this thread tomorrow.


Offline sasysusie

Re: confused and out of steam
« Reply #27 on: November 03, 2007, 06:12:36 AM »
I had to run out for a bit, that's why things got so quiet from here!  I looked to see what my D drive is.. it says HP_recovery(D:) is that what you were asking about... as far as the Norton goes I am pretty sure it was removed by the Norton Removal Tool but I cannot be 1000% sure as I was not the one that removed it... as for the version... let me look.. I hate to tell you this but I'm just not sure what version it was. I bought my computer in June 2005 if that helps and it was whatever they were selling me at the time. Do we have to have the information?  I did get your latest email too and I'll do the things you have told me to do.  Thanks so very much!
Susie

Offline oldman

Re: confused and out of steam
« Reply #28 on: November 03, 2007, 06:22:22 AM »
I looked to see what my D drive is.. it says HP_recovery(D:) is that what you were asking about...

Yes, that's what I wanted to know. Didn't know if it was a cdrom or not.

 
as far as the Norton goes I am pretty sure it was removed by the Norton Removal Tool but I cannot be 1000% sure as I was not the one that removed it... as for the version... let me look.. I hate to tell you this but I'm just not sure what version it was. I bought my computer in June 2005 if that helps and it was whatever they were selling me at the time. Do we have to have the information?

No, that's fine. I didn't see any Norton in the HJT log, but saw the scheduled task entry for a Norton scan. You can remove it.

What firewall are you using? I'm kinda bug-eyed right now and can't seem to find it.

You are welcome, check back tomorrow. Night or morning or whatever it is there.

Offline sasysusie

Re: confused and out of steam
« Reply #29 on: November 03, 2007, 06:50:53 AM »
Since I'm still up I went ahead and checked; it looks like I'm using Windows Firewall. Hoping that is the info you were looking for... You have been so incredibly helpful I just can't thank you enough. I'll check back tomorrow for sure, it's a busy day but I'll find time! Thanks again!  And BTW it's 10:50 pm here! Take care and thanks so much.
Susie