Major Browser Redirects/HijackThis Log Attached



kurtman1
2007-03-30, 03:00
Looks like I've ended up with a real bug this time. I've run AdAware, SpyBot, SUPER AntiSpy and Norton Antivirus but still get constant redirects and popup windows. Any help would be appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 8:45:50 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Home Office\Desktop\Highjack This\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

teacup61
2007-03-30, 14:27
Hello kurtman1,

Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

Thanks,
tea

kurtman1
2007-03-31, 00:19
Hi Tea,

I downloaded and ran blacklight and I'll post the log below but I don't think it found any suspicious files. Before reading your post, I did run SuperAntiSpyware and it found and eliminated a ton of stuff. Maybe that is why Blacklight didn't find anything. I do still have sudden browser launches and even popup windows attempting to access the internet while I have my internet connection disabled. Ok, here is the Blacklight log and I'll include a current HijackThis log in case there has been a change.

Sure appreciate your help!!

03/30/07 17:47:14 [Info]: BlackLight Engine 1.0.61 initialized
03/30/07 17:47:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/30/07 17:47:15 [Note]: 7019 4
03/30/07 17:47:15 [Note]: 7005 0
03/30/07 17:47:27 [Note]: 7006 0
03/30/07 17:47:27 [Note]: 7011 1864
03/30/07 17:47:28 [Note]: 7026 0
03/30/07 17:47:28 [Note]: 7026 0
03/30/07 17:47:33 [Note]: FSRAW library version 1.7.1021
03/30/07 17:53:15 [Note]: 2000 1012
03/30/07 18:06:48 [Note]: 7007 0


Logfile of HijackThis v1.99.1
Scan saved at 6:18:23 PM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Home Office\Desktop\Highjack This\HijackThis.exe

O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tcmlaurl.dll (file missing)
O2 - BHO: (no name) - {600A3DF9-101A-4221-A395-4A45F3457680} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

teacup61
2007-03-31, 04:20
Hello,

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Let me know if everything is back to normal now.

Regards,
tea

kurtman1
2007-03-31, 05:26
Hi Tea,

I followed your directions exactly but there wasn't anything on the web tab except for "My current home page". Also, the "Lock Desktop Items box" wasn't checked. I am still getting the redirects and web pages that just pop up out of nowhere. Also "Smitfraud-C.Toolbar888" appears every time I run SpyBot even though I remove it each time. I also keep getting misc Trojans when I run other antispyware programs. Oh, I was unable to even connect to the internet a few hours ago, then all of a sudden hundreds of browser windows started popping up until I was able to shut down the computer.

Thanks again for your help.

teacup61
2007-03-31, 13:45
This is like hunting for a needle in a haystack. :spider:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

We'll find it. :)

kurtman1
2007-03-31, 15:09
Ok, here are both log files.

"Home Office" - 07-03-31 8:53:07 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Home Office\Desktop\ComboFix"


((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-31 ))))))))))))))))))))))))))))))))))


2007-03-30 23:32 1,254,981 ---hs---- C:\WINDOWS\system32\vwadd.ini2
2007-03-30 19:59 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-30 18:59 65 --a------ C:\WINDOWS\system32\BD7820N.dat
2007-03-30 18:58 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2007-03-30 18:58 77,824 --------- C:\WINDOWS\system32\BROSNMP.DLL
2007-03-30 18:58 73,728 --------- C:\WINDOWS\system32\brrbtool.exe
2007-03-30 18:58 24,223 --------- C:\WINDOWS\system32\brlm03a.dll
2007-03-30 18:58 188,416 --------- C:\WINDOWS\system32\PDRVINST.DLL
2007-03-30 18:57 65,536 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2007-03-30 18:57 122,880 --------- C:\WINDOWS\system32\BrfxD04a.dll
2007-03-30 18:57 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-03-30 18:57 <DIR> d-------- C:\Program Files\Brother
2007-03-30 18:57 <DIR> d-------- C:\Program Files\Brother
2007-03-30 18:57 <DIR> d-------- C:\Brother
2007-03-30 18:56 132,116 --a------ C:\WINDOWS\system32\lmgkiepu.dll
2007-03-30 18:56 123,972 --a------ C:\WINDOWS\system32\wfxrehxd.dll
2007-03-30 18:56 1,244,780 ---hs---- C:\WINDOWS\system32\vwadd.bak1
2007-03-30 18:54 280,676 ---hs---- C:\WINDOWS\system32\ljhec.dll
2007-03-30 18:54 280,676 ---hs---- C:\WINDOWS\system32\ddawv.dll
2007-03-30 09:06 1,247,151 ---hs---- C:\WINDOWS\system32\srqss.ini2
2007-03-30 00:27 <DIR> dr------- C:\DOCUME~1\HOMEOF~1\APPLIC~1\Brother
2007-03-30 00:23 123,972 --a------ C:\WINDOWS\system32\xkrbwhhg.dll
2007-03-30 00:23 1,244,820 ---hs---- C:\WINDOWS\system32\srqss.bak1
2007-03-30 00:13 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-03-30 00:11 51,712 --------- C:\WINDOWS\system32\brinsstr.dll
2007-03-30 00:10 52,224 --------- C:\WINDOWS\system32\BrNetSti.dll
2007-03-30 00:10 36,864 --a------ C:\WINDOWS\system32\BrStiIf.dll
2007-03-30 00:10 34,816 --------- C:\WINDOWS\system32\BrWiaNCp.dll
2007-03-30 00:10 31,744 --------- C:\WINDOWS\system32\Brnsplg.dll
2007-03-30 00:10 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2007-03-30 00:10 147,456 --a------ C:\WINDOWS\brunin03.dll
2007-03-30 00:10 120,832 --a------ C:\WINDOWS\system32\BrWia04b.dll
2007-03-30 00:10 106,496 --------- C:\WINDOWS\system32\BrMuSNMP.dll
2007-03-29 23:58 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-03-29 23:57 <DIR> d-------- C:\Program Files\ScanSoft
2007-03-29 23:57 <DIR> d-------- C:\Program Files\ScanSoft
2007-03-29 23:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-03-29 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
2007-03-29 20:52 123,972 --a------ C:\WINDOWS\system32\homtyeqq.dll
2007-03-29 20:52 1,244,780 ---hs---- C:\WINDOWS\system32\mmlnn.bak1
2007-03-29 20:25 <DIR> d-------- C:\VundoFix Backups
2007-03-29 20:19 <DIR> d-------- C:\DOCUME~1\HOMEOF~1\APPLIC~1\AdobeUM
2007-03-29 00:23 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-03-29 00:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-03-29 00:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-29 00:06 26,694 --------- C:\WINDOWS\system32\ljjgfff.dll
2007-03-26 13:47 <DIR> d-------- C:\Program Files\Verizon
2007-03-26 13:47 <DIR> d-------- C:\Program Files\Verizon
2007-03-07 21:10 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-03-04 19:24 <DIR> d-------- C:\Program Files\HHD Software
2007-03-04 19:24 <DIR> d-------- C:\Program Files\HHD Software
2007-03-04 19:20 <DIR> d-------- C:\DOCUME~1\HOMEOF~1\WINDOWS
2007-03-04 00:30 <DIR> d-------- C:\Program Files\Excel Password Recovery Master
2007-03-04 00:30 <DIR> d-------- C:\Program Files\Excel Password Recovery Master
2007-03-04 00:16 <DIR> d-------- C:\Program Files\www.freewordexcelpassword.com
2007-03-04 00:16 <DIR> d-------- C:\Program Files\www.freewordexcelpassword.com
2007-03-04 00:10 <DIR> d-------- C:\Program Files\Passware
2007-03-04 00:10 <DIR> d-------- C:\Program Files\Passware
2007-03-03 03:39 32,096 --a------ C:\DOCUME~1\HOMEOF~1\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-30 21:17 -------- d-------- C:\Program Files\superantispyware
2007-03-30 19:59 -------- d--h----- C:\Program Files\installshield installation information
2007-03-30 18:57 -------- d-------- C:\Program Files\Common Files\installshield
2007-03-30 17:38 -------- d-------- C:\DOCUME~1\HOMEOF~1\APPLIC~1\u3
2007-02-14 21:09 -------- d-------- C:\Program Files\norton antivirus
2007-02-14 21:09 -------- d-------- C:\DOCUME~1\HOMEOF~1\APPLIC~1\help
2007-02-04 21:59 -------- d-------- C:\DOCUME~1\HOMEOF~1\APPLIC~1\divx
2007-01-22 23:54 0 --a------ C:\WINDOWS\system32\cmmgr32.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Anonymizer"="C:\\Program Files\\Anonymizer\\Anonymizer Software\\Anonymizer.exe -nogui"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{A782E194-EA97-4F2A-99C1-8EB42A0B519E}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddawv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-31 9:01:30



Logfile of HijackThis v1.99.1
Scan saved at 9:04:10 AM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Home Office\Desktop\Highjack This\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


Thanks again for your help with this!
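
An added example, not part of the original thread or of any tool named in it: Python that reads a ComboFix listing like the one posted above and cross-references each hidden+system DLL in system32 against the Winlogon Notify keys, against files whose name is the DLL's name reversed (as `ddawv.dll` and `vwadd.ini2` are in this log), and against other files of identical size. The function names and the three heuristics are assumptions chosen for this log; the sample lines are copied from it.

```python
import re
from ntpath import basename, splitext

# Subset of lines copied unchanged from the ComboFix log posted above.
SAMPLE_LOG = r"""
2007-03-30 23:32 1,254,981 ---hs---- C:\WINDOWS\system32\vwadd.ini2
2007-03-30 18:58 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2007-03-30 18:57 <DIR> d-------- C:\Program Files\Brother
2007-03-30 18:56 132,116 --a------ C:\WINDOWS\system32\lmgkiepu.dll
2007-03-30 18:56 1,244,780 ---hs---- C:\WINDOWS\system32\vwadd.bak1
2007-03-30 18:54 280,676 ---hs---- C:\WINDOWS\system32\ljhec.dll
2007-03-30 18:54 280,676 ---hs---- C:\WINDOWS\system32\ddawv.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddawv
"""

# "date time size-or-<DIR> 9-char-attribute-mask path", as in "Files Created".
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{9})\s+(.+)$")
# Last path component of a Winlogon\Notify registry key line.
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\]+)$", re.IGNORECASE)


def parse_combofix(text):
    """Return (file records, lower-cased Winlogon Notify key names)."""
    files, notify = [], set()
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            when, size, attrs, path = m.groups()
            files.append({
                "when": when,
                "size": None if size == "<DIR>" else int(size.replace(",", "")),
                "attrs": attrs,
                "path": path,
                "stem": splitext(basename(path))[0].lower(),
            })
            continue
        m = NOTIFY_RE.search(line)
        if m:
            notify.add(m.group(1).lower())
    return files, notify


def triage(text):
    """List hidden+system DLLs in system32 with the evidence tying them together."""
    files, notify = parse_combofix(text)
    findings = []
    for f in files:
        path_lc = f["path"].lower()
        if not (path_lc.endswith(".dll") and "\\system32\\" in path_lc):
            continue
        if "h" not in f["attrs"] or "s" not in f["attrs"]:
            continue
        others = [o for o in files if o["path"] != f["path"]]
        findings.append({
            "path": f["path"],
            # A Notify key with the DLL's own name loads it into winlogon.exe.
            "notify": f["stem"] in notify,
            # Data files named with the DLL's stem spelled backwards.
            "companions": [o["path"] for o in others
                           if o["stem"] == f["stem"][::-1]],
            # Other files with exactly the same byte size (likely copies).
            "twins": [o["path"] for o in others
                      if o["size"] is not None and o["size"] == f["size"]],
        })
    return sorted(findings, key=lambda x: x["path"].lower())


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["path"])
        print("  winlogon notify key:", item["notify"])
        print("  reversed-name files:", item["companions"])
        print("  same-size files:    ", item["twins"])
```

A DLL that scores on the Notify check is held open by winlogon.exe while Windows runs, which is consistent with a removal tool reporting that a file could not be deleted until reboot.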

teacup61
2007-03-31, 23:16
Hello,

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Thanks,
tea

kurtman1
2007-04-01, 15:25
Hi Tea,

You will see from the text file that I ran VundoFix a few days ago and ran it again last night after reading your post. This time it had me reboot twice but was still unable to remove "C:\WINDOWS\system32\ljjgfff.dll" so I rebooted into safe mode and just renamed this file with an .xxx extension in case I need to restore it. Here are both logs.


VundoFix V6.3.18

Checking Java version...

Scan started at 8:25:05 PM 3/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\epykceyx.dll
C:\WINDOWS\system32\lhqrasmf.dll
C:\WINDOWS\system32\ljjgfff.dll
C:\WINDOWS\system32\ooqru.bak1
C:\WINDOWS\system32\ooqru.ini
C:\WINDOWS\system32\pqsut.ini
C:\WINDOWS\system32\tusqp.dll
C:\WINDOWS\system32\urqoo.dll
C:\WINDOWS\system32\xyeckype.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\epykceyx.dll
C:\WINDOWS\system32\epykceyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lhqrasmf.dll
C:\WINDOWS\system32\lhqrasmf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjgfff.dll
C:\WINDOWS\system32\ljjgfff.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ooqru.bak1
C:\WINDOWS\system32\ooqru.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooqru.ini
C:\WINDOWS\system32\ooqru.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqsut.ini
C:\WINDOWS\system32\pqsut.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tusqp.dll
C:\WINDOWS\system32\tusqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqoo.dll
C:\WINDOWS\system32\urqoo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\xyeckype.ini
C:\WINDOWS\system32\xyeckype.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ljjgfff.dll
C:\WINDOWS\system32\ljjgfff.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\urqoo.dll
C:\WINDOWS\system32\urqoo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.3.18

Checking Java version...

Scan started at 11:02:47 PM 3/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\cehjl.ini
C:\WINDOWS\system32\ddawv.dll
C:\WINDOWS\system32\dxherxfw.ini
C:\WINDOWS\system32\ghhwbrkx.ini
C:\WINDOWS\system32\homtyeqq.dll
C:\WINDOWS\system32\ljhec.dll
C:\WINDOWS\system32\ljjgfff.dll
C:\WINDOWS\system32\qqeytmoh.ini
C:\WINDOWS\system32\vwadd.bak1
C:\WINDOWS\system32\vwadd.ini
C:\WINDOWS\system32\vwadd.ini2
C:\WINDOWS\system32\vwadd.tmp
C:\WINDOWS\system32\wfxrehxd.dll
C:\WINDOWS\system32\xkrbwhhg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cehjl.ini
C:\WINDOWS\system32\cehjl.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddawv.dll
C:\WINDOWS\system32\ddawv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dxherxfw.ini
C:\WINDOWS\system32\dxherxfw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghhwbrkx.ini
C:\WINDOWS\system32\ghhwbrkx.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\homtyeqq.dll
C:\WINDOWS\system32\homtyeqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljhec.dll
C:\WINDOWS\system32\ljhec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjgfff.dll
C:\WINDOWS\system32\ljjgfff.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qqeytmoh.ini
C:\WINDOWS\system32\qqeytmoh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwadd.bak1
C:\WINDOWS\system32\vwadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwadd.ini
C:\WINDOWS\system32\vwadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwadd.ini2
C:\WINDOWS\system32\vwadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vwadd.tmp
C:\WINDOWS\system32\vwadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\wfxrehxd.dll
C:\WINDOWS\system32\wfxrehxd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xkrbwhhg.dll
C:\WINDOWS\system32\xkrbwhhg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ljjgfff.dll
C:\WINDOWS\system32\ljjgfff.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...


Logfile of HijackThis v1.99.1
Scan saved at 9:15:55 AM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Home Office\Desktop\Highjack This\HijackThis.exe

O2 - BHO: (no name) - {11A91E12-B9A6-49B2-8AC5-E8E6BDD00FCa} - (no file)
O2 - BHO: (no name) - {419E625F-E7C0-4D84-931F-44AAC9705ECB} - C:\WINDOWS\system32\ddawv.dll (file missing)
O2 - BHO: (no name) - {600A3DF9-101A-4221-A395-4A45F3457680} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

teacup61
2007-04-01, 16:43
Hello,

No need to restore that file. It's bad, so you can delete it, if it will. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {11A91E12-B9A6-49B2-8AC5-E8E6BDD00FCa} - (no file)
O2 - BHO: (no name) - {419E625F-E7C0-4D84-931F-44AAC9705ECB} - C:\WINDOWS\system32\ddawv.dll (file missing)
O2 - BHO: (no name) - {600A3DF9-101A-4221-A395-4A45F3457680} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

How is it running now? :) Let me know what a scan with SUPERAntispyware says now also.

Thanks,
tea
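Added example, not part of any post in this thread: a short Python sketch that finds the HijackThis entries whose target file is gone and checks them against the VundoFix deletion results, which shows why the `ddawv.dll` BHO is listed as "(file missing)". The sample lines are copied from the logs above and the function names are hypothetical; the O23 service line carries the same marker but was not in the helper's fix list, so treat the output as a review list rather than a removal list.

```python
import re
# Constructed sample: a few lines copied from the two logs posted in this thread.
VUNDOFIX_LOG = r"""
C:\WINDOWS\system32\ddawv.dll Has been deleted!
C:\WINDOWS\system32\ljjgfff.dll Could not be deleted.
"""
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {11A91E12-B9A6-49B2-8AC5-E8E6BDD00FCa} - (no file)
O2 - BHO: (no name) - {419E625F-E7C0-4D84-931F-44AAC9705ECB} - C:\WINDOWS\system32\ddawv.dll (file missing)
O2 - BHO: (no name) - {600A3DF9-101A-4221-A395-4A45F3457680} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"- ([A-Za-z]:\\.+?) \(file missing\)$")
NOFILE = re.compile(r"\(no file\)$")
VUNDO = re.compile(r"^(.+?) (Has been deleted!|Could not be deleted\.)$")

def vundofix_results(log=VUNDOFIX_LOG):
    """Map lower-cased path -> True if deleted, False if deletion failed."""
    results = {}
    for line in log.splitlines():
        m = VUNDO.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2).startswith("Has")
    return results

def orphaned_entries(hjt=HIJACKTHIS_LOG, vundo=VUNDOFIX_LOG):
    """Entries marked (no file) or (file missing), with the cause if the logs show it."""
    removed, found = vundofix_results(vundo), []
    for line in hjt.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = PATH.search(m.group(2))
        if not path and not NOFILE.search(m.group(2)):
            continue  # target file is present: not an orphaned reference
        clsid = CLSID.search(m.group(2))
        target = path.group(1) if path else None
        found.append({"section": m.group(1),
                      "clsid": clsid.group(0) if clsid else None,
                      "path": target,
                      "removed_by_vundofix": bool(target and removed.get(target.lower()))})
    return found

if __name__ == "__main__":
    print(*orphaned_entries(), sep="\n")
```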

kurtman1
2007-04-02, 05:00
Looks like we may have success, no popups or misdirects while online this time.

SUPERAntispyware did find and eliminate two Trojan Downloader files and several misc. tracking cookies.

I really do appreciate your help with this and believe you have resolved the problem. Thanks, again, Tea.

tashi
2007-04-07, 21:22
Glad we could help. As the problem appears to be resolved, this topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.