Author Topic: problem after running first spybot S & D  (Read 31223 times)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: problem after running first spybot S & D
« Reply #30 on: June 15, 2008, 07:41:54 PM »
Yes just copy and paste.

okbreeze

    Topic Starter


    Beginner

  • semi-illiterate pc user
    Re: problem after running first spybot S & D
    « Reply #31 on: June 15, 2008, 07:49:30 PM »
    Hi, evilfantasy! Appreciate your patience. Did I copy the right thing?

    Index   % of PCs with item   Code   Data
    1   0.0%   O16   {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    2   0.8%   O2   Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    3   0.7%   O2   Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    4   0.3%   O2   Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    5   0.0%   O2   Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    6   0.0%   O2   Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
    7   0.0%   O23   BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    8   0.0%   O23   BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
    9   0.0%   O23   BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    10   0.0%   O3   BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    11   0.0%   O4   [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    12   0.0%   O4   [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    13   3.9%   O9   Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    14   3.9%   O9   Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    15   0.3%   O9   Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    16   0.1%   O9   (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    17   0.1%   O9   Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    18   0.0%   O9   (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    19   0.0%   O9   @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
    20   0.0%   O9   (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    21   0.0%   O9   Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    22   0.0%   O9   Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    23   0.0%   O9   &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    24   7.6%   P01   C:\WINDOWS\Explorer.EXE
    25   7.4%   P01   C:\WINDOWS\system32\svchost.exe
    26   7.4%   P01   C:\WINDOWS\system32\lsass.exe
    27   7.4%   P01   C:\WINDOWS\system32\winlogon.exe
    28   7.4%   P01   C:\WINDOWS\system32\services.exe
    29   7.4%   P01   C:\WINDOWS\System32\smss.exe
    30   7.2%   P01   C:\WINDOWS\system32\spoolsv.exe
    31   1.1%   P01   C:\Program Files\Mozilla Firefox\firefox.exe
    32   0.2%   P01   C:\WINDOWS\system32\WgaTray.exe
    33   0.0%   P01   C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    34   0.0%   P01   C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    35   0.0%   P01   C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    36   0.0%   P01   C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    37   0.1%   R0   HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    38   0.0%   R0   HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/verify?.done=http://www.yahoo.com
    39   2.8%   R1   HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    40   2.7%   R1   HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    41   2.7%   R1   HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    42   0.2%   R1   HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    43   0.2%   R1   HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

    Explanation of the codes

    R - Registry, StartPage/SearchPage changes

        * R0 - Changed registry value
        * R1 - Created registry value
        * R2 - Created registry key
        * R3 - Created extra registry value where only one should be

    F - IniFiles, autoloading entries

        * F0 - Changed inifile value
        * F1 - Created inifile value
        * F2 - Changed inifile value, mapped to Registry
        * F3 - Created inifile value, mapped to Registry

    N - Netscape/Mozilla StartPage/SearchPage changes

        * N1 - Change in prefs.js of Netscape 4.x
        * N2 - Change in prefs.js of Netscape 6
        * N3 - Change in prefs.js of Netscape 7
        * N4 - Change in prefs.js of Mozilla

    O - Other, several sections which represent:

        * O1 - Hijack of auto.search.msn.com with Hosts file
        * O2 - Enumeration of existing MSIE BHO's
        * O3 - Enumeration of existing MSIE toolbars
        * O4 - Enumeration of suspicious autoloading Registry entries
        * O5 - Blocking of loading Internet Options in Control Panel
        * O6 - Disabling of 'Internet Options' Main tab with Policies
        * O7 - Disabling of Regedit with Policies
        * O8 - Extra MSIE context menu items
        * O9 - Extra 'Tools' menuitems and buttons
        * O10 - Breaking of Internet access by New.Net or WebHancer
        * O11 - Extra options in MSIE 'Advanced' settings tab
        * O12 - MSIE plugins for file extensions or MIME types
        * O13 - Hijack of default URL prefixes
        * O14 - Changing of IERESET.INF
        * O15 - Trusted Zone Autoadd
        * O16 - Download Program Files item
        * O17 - Domain hijack
        * O18 - Enumeration of existing protocols and filters
        * O19 - User stylesheet hijack
        * O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
        * O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
        * O22 - SharedTaskScheduler autorun Registry key
        * O23 - Enumeration of NT Services
        * O24 - Enumeration of ActiveX Desktop Components

    "The rarest of blooms is enhanced by the coldest of winters"

    evilfantasy

    Re: problem after running first spybot S & D
    « Reply #32 on: June 15, 2008, 07:53:45 PM »
    No.

    1. Open Hijackthis.
    2. Click on the Do a system scan and save a log file button.
    3. Hijackthis will scan and then a log will open in notepad.
    4. Copy and then paste the entire contents of the log in your post.

    okbreeze

      Re: problem after running first spybot S & D
      « Reply #33 on: June 15, 2008, 08:01:50 PM »
      Thank you. I see I selected wrong. I just scanned again, and got a note: "CMMGR32.EXE-Entry Point Not Found
      The procedure entry point CmFmtMsg could not be located in the dynamic link library cmutil.dll."
      Log didn't open up in notepad
      "The rarest of blooms is enhanced by the coldest of winters"

      evilfantasy

      Re: problem after running first spybot S & D
      « Reply #34 on: June 15, 2008, 08:12:18 PM »
      Do you have an XP CD?

      If so, place it in your CD ROM drive and follow the instructions below:
      • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
        • Let this run undisturbed until the window with the blue progress bar goes away
      SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

      If you want to see what was replaced, right-click My Computer and click on Manage
      In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

      okbreeze

        Re: problem after running first spybot S & D
        « Reply #35 on: June 15, 2008, 08:14:48 PM »
         :( Sorry, evilfantasy, bought second-hand and too late realized didn't get XP CD
        Will this do?:

        Deckard's System Scanner v20071014.68
        Run by txboots on 2008-06-16 00:28:29
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        Total Physical Memory: 319 MiB (512 MiB recommended).


        -- HijackThis (run as txboots.exe) ---------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:29:24 AM, on 6/16/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16674)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
        C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
        C:\WINDOWS\system32\WgaTray.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\txboots\Desktop\dss.exe
        C:\PROGRA~1\TRENDM~1\HIJACK~1\txboots.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/verify?.done=http%3a//www.yahoo.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
        O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
        O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
        O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
        O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
        O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
        O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

        --
        End of file - 4784 bytes

        -- Files created between 2008-05-16 and 2008-06-16 -----------------------------

        2008-06-13 20:47:52         0 d-------- C:\fsaua.data
        2008-06-11 00:17:22         0 d-------- C:\Documents and Settings\txboots\DoctorWeb
        2008-06-10 23:03:37     68096 --a------ C:\WINDOWS\zip.exe
        2008-06-10 23:03:37    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
        2008-06-10 23:03:37     98816 --a------ C:\WINDOWS\sed.exe
        2008-06-10 23:03:37     80412 --a------ C:\WINDOWS\grep.exe
        2008-06-10 23:03:36     49152 --a------ C:\WINDOWS\VFind.exe
        2008-06-10 23:03:36    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
        2008-06-10 23:03:36    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
        2008-06-10 23:03:36     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
        2008-06-09 04:06:13         0 d-------- C:\Program Files\Trend Micro
        2008-05-31 20:34:19   1753088 --a------ C:\WINDOWS\system32\ExGrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
        2008-05-31 20:34:10    614400 --a------ C:\WINDOWS\system32\ExButton.dll <Not Verified; Exontrol Inc.; ExButton Module>
        2008-05-31 20:34:09    602112 --a------ C:\WINDOWS\system32\ExMenu.dll <Not Verified; Exontrol Inc.; ExMenu Control>
        2008-05-31 20:34:08    516096 --a------ C:\WINDOWS\system32\ExTab.dll <Not Verified; Exontrol Inc.; ExTab Module>
        2008-05-31 20:34:08    307200 --a------ C:\WINDOWS\system32\ExPMenu.dll <Not Verified; Exontrol Inc.; ExPopupMenu Control>
        2008-05-31 20:33:58    356352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
        2008-05-31 20:33:57    118784 --a------ C:\WINDOWS\system32\eWebControl.dll <Not Verified; eSellerate Inc.; >
        2008-05-31 20:33:57         0 d-------- C:\Program Files\Common Files\eSellerate
        2008-05-31 20:33:56    368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
        2008-05-31 20:33:49         0 d-------- C:\Program Files\AnswersThatWork
        2008-05-31 15:18:22       335 --a------ C:\WINDOWS\mozregistry.dat
        2008-05-30 19:54:38         0 dr-h----- C:\Documents and Settings\txboots\Recent
        2008-05-29 18:06:51         0 d-------- C:\Program Files\Foxit Software
        2008-05-28 18:17:21         0 d-------- C:\Program Files\WhatsRunning
        2008-05-23 11:11:46         0 d-------- C:\Documents and Settings\txboots\dwhelper
        2008-05-23 10:27:10      1160 --a------ C:\WINDOWS\mozver.dat
        2008-05-22 22:08:37         0 d-------- C:\Documents and Settings\txboots\Application Data\Mozilla


        -- Find3M Report ---------------------------------------------------------------

        2008-05-08 20:04:12         0 d-------- C:\Documents and Settings\txboots\Application Data\W Photo Studio
        2008-05-08 20:03:32         0 d-------- C:\Documents and Settings\txboots\Application Data\Walgreens
        2008-05-08 20:03:22         0 d-------- C:\Program Files\Common Files\HP
        2008-05-08 20:03:10         0 d-------- C:\Program Files\Walgreens
        2008-05-08 19:55:06         0 d-------- C:\Documents and Settings\txboots\Application Data\W Photo Studio Viewer
        2008-05-07 11:43:40         0 d-------- C:\Documents and Settings\txboots\Application Data\Uniblue
        2008-04-22 11:29:30         0 d-------- C:\Documents and Settings\txboots\Application Data\BitDefender
        2008-04-22 11:28:02         0 d-------- C:\Program Files\BitDefender
        2008-04-22 11:26:16         0 d-------- C:\Program Files\Common Files\BitDefender
        2008-04-21 20:26:56         0 d-------- C:\Program Files\Screen-Savers.com
        2008-04-21 20:26:56         0 d-------- C:\Program Files\Java
        2008-04-01 11:24:06     29948 --a------ C:\my pictures


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [10/09/2007 03:46 PM]
        "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [06/09/2008 10:13 AM]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "DisableRegistryTools"=0 (0x0)
        "HideLegacyLogonScripts"=0 (0x0)
        "HideLogoffScripts"=0 (0x0)
        "RunLogonScriptSync"=1 (0x1)
        "RunStartupScriptSync"=0 (0x0)
        "HideStartupScripts"=0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "HideLegacyLogonScripts"=0 (0x0)
        "HideLogoffScripts"=0 (0x0)
        "RunLogonScriptSync"=1 (0x1)
        "RunStartupScriptSync"=0 (0x0)
        "HideStartupScripts"=0 (0x0)

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
        @="Volume shadow copy"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
        C:\WINDOWS\system32\ctfmon.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXSHOW95.EXE]
        EXSHOW95.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
        %systemroot%\system32\dumprep 0 -k

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
        wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
        "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe"
        "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "ScanRegistry"=c:\windows\scanregw.exe /autorun
        "CPQEASYACC"=C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
        "EACLEAN"=C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
        "Service Connection"=c:\cpqs\bwtools\sccenter.exe
        "CountrySelection"=pctptt.exe
        "CPQInet"=c:\compaq\CPQInet\CpqInet.exe
        "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
        "Digital Dashboard"=C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
        "LoadQM"=loadqm.exe
        "QuickTime Task"=C:\WINDOWS\SYSTEM32\qttask.exe
        "ausvc"=C:\WINDOWS\ausvc.exe
        "SysScan"=C:\WINDOWS\bvt.exe
        "ABsr"=C:\WINDOWS\absr.exe
        "MovieNetworks"="C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
        "WebInstall2"=C:\WINDOWS\TEMP\INS93B4.TMP /R /A
        "Hotbar"=C:\PROGRAM FILES\HOTBAR\BIN\4.2.8.0\HBINST.EXE /Upgrade
        "DXM6Patch_981116"=C:\WINDOWS\p_981116.exe /Q:A
        "LVComs"=C:\WINDOWS\SYSTEM32\LVComS.exe
        "KAZAA"=C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
        "Mouse Suite 98 Daemon"=PELMICED.EXE

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
        "PTSNOOP"=ptsnoop.exe
        "LexStart"=Lexstart.exe
        "LexmarkPrinTray"=PrinTray.exe
        "CountrySelection"=pctptt.exe
        "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
        "SchedulingAgent"=mstask.exe
        "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
        "Hidserv"=Hidserv.exe run

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bdx   scan


        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
        RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
        "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
        "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
        "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
        rundll32.exeadvpack.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
        "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
        "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
        "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
        C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl



        -- End of Deckard's System Scanner: finished at 2008-06-16 00:36:01 ------------

        « Last Edit: June 16, 2008, 12:03:58 AM by okbreeze »
        "The rarest of blooms is enhanced by the coldest of winters"
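
The section codes listed in reply #31 can be applied mechanically to the HijackThis part of the log above. The following is an added example, not part of the original thread and not code from HijackThis or the forum: a Python parser that groups entries by section code and flags entries that the log itself marks as `(file missing)` or `Unknown owner`. The function names and the two flag rules are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Section meanings copied from the code table posted in this thread
# (only the sections that occur in SAMPLE_LOG).
SECTION_MEANING = {
    "R0": "Changed registry value",
    "O2": "Enumeration of existing MSIE BHO's",
    "O3": "Enumeration of existing MSIE toolbars",
    "O4": "Enumeration of suspicious autoloading Registry entries",
    "O9": "Extra 'Tools' menuitems and buttons",
    "O16": "Download Program Files item",
    "O23": "Enumeration of NT Services",
}

# An entry line is "<code> - <text>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_SUFFIX = "(file missing)"

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""


def parse_entry(line):
    """Parse one log line; return None for headers and process paths."""
    match = ENTRY_RE.match(line)
    if match is None:
        return None
    code, text = match.groups()
    flags = []

    if code.startswith("R") and " = " in text:
        target = text.split(" = ", 1)[1]             # registry value data
    elif code == "O4":
        target = text.split("] ", 1)[-1].strip('"')  # command after [name]
    else:
        target = text.rsplit(" - ", 1)[-1]           # last field: file or URL

    # Hypothetical triage rules: surface only what the log itself reports.
    if code == "O23" and " - Unknown owner - " in text:
        flags.append("unknown owner")
    if target.endswith(MISSING_SUFFIX):
        target = target[: -len(MISSING_SUFFIX)].rstrip()
        flags.append("file missing")

    clsid = CLSID_RE.search(text)
    return {
        "code": code,
        "meaning": SECTION_MEANING.get(code, "not in table above"),
        "text": text,
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": target,
        "flags": flags,
    }


def parse_log(log_text):
    """Return the parsed entries of a pasted HijackThis log, in order."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None]


def count_by_section(entries):
    """Number of entries per section code."""
    return dict(Counter(entry["code"] for entry in entries))


def flagged(entries):
    """Entries that carry at least one triage flag."""
    return [entry for entry in entries if entry["flags"]]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for code, count in count_by_section(entries).items():
        print(f"{code:>4} x{count}  {SECTION_MEANING.get(code, '?')}")
    for entry in flagged(entries):
        print("REVIEW:", entry["code"], entry["target"], entry["flags"])
```

On the sample lines, the only flagged entry is the BitDefender Desktop Update Service, whose executable the log reports as missing.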

        evilfantasy

        Re: problem after running first spybot S & D
        « Reply #36 on: June 16, 2008, 12:09:41 AM »
        • Click START then RUN
        • Now type Combofix /u in the runbox
        • Make sure there's a space between Combofix and /u
        • Then hit Enter.
        The above procedure will:
        • Delete:
          • ComboFix and its associated files and folders.
          • VundoFix backups, if present
          • The C:\Deckard folder, if present
          • The C:\_OtMoveIt folder, if present
        • Reset the clock settings.
        • Hide file extensions, if required.
        • Hide System/Hidden files, if required.
        • Set a new, clean Restore Point.
          ----------

          Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)

          1. Double click OTMoveIt2.exe to launch it.
          Vista users right click and choose Run As Administrator
          2. Click on the CleanUp! button.
          3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
          4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
          5. Once complete, exit out of OTMoveIt2.

          ----------

          Download Malwarebytes' Anti-Malware from here or here

          Double Click mbam-setup.exe to install the application.
          • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
          • If an update is found, it will download and install the latest version.
          • Once the program has loaded, select "Perform Quick Scan", then click Scan.
          • The scan may take some time to finish, so please be patient.
          • When the scan is complete, click OK, then Show Results to view the results.
          • Make sure that everything is checked, and click Remove Selected.
          • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
          • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
          • Copy and paste the entire report in your next reply.

          Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

          ------

          Next post add
          MBAM log

          okbreeze

            Re: problem after running first spybot S & D
            « Reply #37 on: June 16, 2008, 09:45:27 PM »
            Appreciate your help and easy instructions.

            Malwarebytes' Anti-Malware 1.17
            Database version: 846

            10:17:03 PM 6/16/2008
            mbam-log-6-16-2008 (22-17-03).txt

            Scan type: Quick Scan
            Objects scanned: 37372
            Time elapsed: 21 minute(s), 43 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 2
            Registry Values Infected: 0
            Registry Data Items Infected: 1
            Folders Infected: 4
            Files Infected: 3

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary (Adware.MyWebSearch) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\mywebsearchsearchassistant.auxiliary.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

            Folders Infected:
            C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
            C:\Program Files\dynamic toolbar\GSIM (Adware.2020search) -> Quarantined and deleted successfully.
            C:\Program Files\dynamic toolbar\GSIM\Cache (Adware.2020search) -> Quarantined and deleted successfully.
            C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.

            Files Infected:
            C:\Program Files\dynamic toolbar\GSIM\Cache\GSIMTB0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
            C:\Program Files\dynamic toolbar\GSIM\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
            C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
            "The rarest of blooms is enhanced by the coldest of winters"

            evilfantasy

            Re: problem after running first spybot S & D
            « Reply #38 on: June 16, 2008, 10:34:36 PM »
            How is everything now?

            okbreeze

              Re: problem after running first spybot S & D
              « Reply #39 on: June 17, 2008, 05:54:16 AM »
                ;D Things are so much better; thank you! Now... ::) which of these things disabled my BitDefender updater and fix button?
              « Last Edit: June 17, 2008, 06:13:23 AM by okbreeze »
              "The rarest of blooms is enhanced by the coldest of winters"

              evilfantasy

              Re: problem after running first spybot S & D
              « Reply #40 on: June 17, 2008, 10:03:12 AM »
              Not sure which one did it.

              Set a New Restore Point to prevent possible reinfection from an old one
              Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
              • Go to Start > Programs > Accessories > System Tools and click System Restore
              • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
              • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
              • Next go to Start > Run and type Cleanmgr
              • Click OK
              • Click the More Options Tab.
              • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
              ----------

              Use the Secunia Software Inspector to check for out of date software.
              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

              If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

              ----------

              Make sure all of your security programs are up to date and run scans with them regularly. Once or twice a week minimum.

              Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

              To prevent unknown applications from being installed on your computer install WinPatrol 2008
              Using Winpatrol to protect your computer from malicious software

              Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

              SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              *Using SpywareBlaster to protect your computer from Spyware and Malware
              *If you don't know what ActiveX controls are, see here

              Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.

              Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

              Stand Up and Be Counted ---> Malware Complaints  <--- where you can make a difference!

              okbreeze

                Re: problem after running first spybot S & D
                « Reply #41 on: June 17, 2008, 12:49:32 PM »
                When I key in Cleanmgr, select drive comes up to select C or D drive.
                "The rarest of blooms is enhanced by the coldest of winters"

                evilfantasy

                Re: problem after running first spybot S & D
                « Reply #42 on: June 17, 2008, 12:50:17 PM »
                C drive.

                okbreeze

                  Re: problem after running first spybot S & D
                  « Reply #43 on: June 17, 2008, 01:05:33 PM »
                  Sorry, I've never cleaned C that way. I can just click on "disc cleaner". It's done. Windows won't update me as I don't pass validation.
                  I have XP Pro
                  "The rarest of blooms is enhanced by the coldest of winters"

                  evilfantasy

                  Re: problem after running first spybot S & D
                  « Reply #44 on: June 17, 2008, 01:06:22 PM »
                  Is your copy of XP legal?