Somehow I got installed this crap on my machine. These pop up keep coming up. My Task Manager is disabled also. When I do ctrl-alt-del it says that my Task Manager has been disabled by the task manager. sometime
I am running XP. downloaded Adware and ran it. Here is the Hijackthis log. Thanks in advance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:16 PM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\aspimgr.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061229
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061229
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - judgemq.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187412633250
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na3.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
O16 - DPF: {A8339A6D-BB2D-4036-95A4-07E140D0A906} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AB883AA5-F28E-462B-B2D7-8E3717FE933C} (SFCom Control) - https://na3.salesforce.com/setup/sforce/vm/SFCom.CAB
O16 - DPF: {AC954BAA-E9CF-4A31-8558-E4FBDDA7E3CC} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AEA85AB7-A039-4119-BE17-B2908A5D347A} - https://na3.salesforce.com/setup/sforce/off...ForceOffice.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mentor.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {FB2B4949-13E9-43DE-8185-A8A27C225107} (CInstalledApps Object) - https://na3.salesforce.com/dwnld/IPChecker/...eAutoUpdate.cab
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 13174 bytes

Hi,

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't suprise me at all...

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

Trust me, I feel like an idiot.

Anyway-here is the Avira report



AntiVir PersonalEdition Classic
Report file date: Friday, December 14, 2007 00:21

Scanning for 972276 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: OASISTX

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 20:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 19:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 22:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 19:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 20:03:56
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 20:03:57
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 11/30/2007 20:03:58
ANTIVIR3.VDF : 7.0.1.90 227328 Bytes 12/13/2007 20:03:59
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 12/13/2007 20:04:12
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 17:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 14:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 20:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 15:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 14:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 19:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 14:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 18:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 19:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 19:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 16:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, December 14, 2007 00:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'tcsd_win32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'dlbccoms.exe' - '1' Module(s) have been scanned
Scan process 'DataServer.exe' - '1' Module(s) have been scanned
Scan process 'bmwebcfg.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'AutoUpdate.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SSMMgr.exe' - '1' Module(s) have been scanned
Scan process 'Scan2pc.exe' - '1' Module(s) have been scanned
Scan process 'WDBtnMgr.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'hidfind.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'J2GDllCmd.exe' - '1' Module(s) have been scanned
Scan process 'quickset.exe' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'docmgr.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\AT&T\Communication Manager\auth\Auth_PPPoE.dll
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[WARNING] The file was ignored!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP271\A0064723.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP271\A0065696.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP271\A0065700.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP271\A0068692.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP271\A0068747.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP271\A0069753.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.dee Backdoor server programs
[INFO] The file was deleted!
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
[WARNING] The file could not be read!


End of the scan: Friday, December 14, 2007 07:08
Used time: 6:47:29 min

The scan has been done completely.

6862 Scanning directories
438022 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
438015 Files not concerned
6896 Archives were scanned
4 Warnings
2 Notes

and here is the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:36 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AT&T\Communication Manager\bmctl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AT&T\Communication Manager\bmop.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061229
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061229
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - judgemq.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187412633250
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na3.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
O16 - DPF: {A8339A6D-BB2D-4036-95A4-07E140D0A906} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AB883AA5-F28E-462B-B2D7-8E3717FE933C} (SFCom Control) - https://na3.salesforce.com/setup/sforce/vm/SFCom.CAB
O16 - DPF: {AC954BAA-E9CF-4A31-8558-E4FBDDA7E3CC} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AEA85AB7-A039-4119-BE17-B2908A5D347A} - https://na3.salesforce.com/setup/sforce/off...ForceOffice.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mentor.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {FB2B4949-13E9-43DE-8185-A8A27C225107} (CInstalledApps Object) - https://na3.salesforce.com/dwnld/IPChecker/...eAutoUpdate.cab
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 13978 bytes

Hi,

Perform next steps in the right order please...

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - judgemq.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: http://*.rapmls.com <== check this entry if you didn't set it
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, * Download ComboFix from here.
**Save it to your desktop**

In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

* Doubleclick combofix.exe
Follow the prompts.
Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.
Don't click on the window while the fix is running, because that will cause your system to hang.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

OK I did the checking of all items in HijackThis but now I am getting this message of "This application has failed to start because detoured.dll was not found. RE-installing..." I get this message many times when I reboot and when I tried to run ComboFix this messages keeps popping up for cmd.exe etc. I keep hitting ok and comboFix eventaully just stops at Deleting Files/Folders. so I am unable to tun the the comboFix program

Please delete Combofix and redownload it again from the same location.
But before you download it, please disable your Antivirus and Firewall since it may interfere with Combofix.
Then run Combofix again and post the log in your next reply together with a new HijackThislog.

Not sure what is causing the detoured.dll error.. or what is loading it. We'll find out afterwards.

Hi,

I guess I already know what is causing this detoured.dll error and why Combofix won't run. Found similar here:
http://forums.spywareinfoforum.info/index....mp;#entry598466

It appears that both of you have the Wave Systems Corp identity protection application that is configured to use digital certificates and NTRU Cryptosystems installed, so it's most probably that one causing the problem here and interfering.

So skip Combofix for now and do next instead..

* Download Deckard's System Scanner to your Desktop.

• Close all applications and windows.
• Double-click on dss.exe to run it, and follow the prompts.
• The scan may take a minute. When the scan is complete, a text file will open - main.txt
• Post the contents of this log in your next reply. Do not post the extra.txt present in that folder. Only post this when being asked.

Extra note.. Can you look on your C:\ if the file ComboFix-quarantined-files.txt exists? If so, copy and paste its contents in your next reply.
If not present, look if the folder C:\Qoobox exists. Let me know if you can find a detoured.dll.vir there in one of its subfolders.

I am sure now that this detoured.dll is related with Embassy Security Suite from Wave. It appears that many are having problems with it.

Here is the DSS.exe main.txt

Deckard's System Scanner v20071014.68
Run by Kamal on 2007-12-15 16:07:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kamal.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10, on 2007-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kamal\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\PROGRA~1\HIJACK~1\Kamal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061229
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187412633250
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na3.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
O16 - DPF: {A8339A6D-BB2D-4036-95A4-07E140D0A906} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AB883AA5-F28E-462B-B2D7-8E3717FE933C} (SFCom Control) - https://na3.salesforce.com/setup/sforce/vm/SFCom.CAB
O16 - DPF: {AC954BAA-E9CF-4A31-8558-E4FBDDA7E3CC} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AEA85AB7-A039-4119-BE17-B2908A5D347A} - https://na3.salesforce.com/setup/sforce/off...ForceOffice.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mentor.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {FB2B4949-13E9-43DE-8185-A8A27C225107} (CInstalledApps Object) - https://na3.salesforce.com/dwnld/IPChecker/...eAutoUpdate.cab
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 11290 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20071214-120128-124 O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
backup-20071214-120128-209 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20071214-120128-227 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
backup-20071214-120128-260 O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
backup-20071214-120128-352 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20071214-120128-370 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20071214-120128-381 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20071214-120128-451 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
backup-20071214-120128-573 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
backup-20071214-120128-644 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20071214-120128-705 O2 - BHO: egmulhxk.msdn_hlp - {E78B911A-6F68-4B84-8C19-EC417C9590E2} - C:\WINDOWS\system32\egmulhxk.dll (file missing)
backup-20071214-120128-726 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
backup-20071214-120128-761 O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
backup-20071214-120128-762 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20071214-120128-780 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
backup-20071214-120128-808 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20071214-120128-889 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
backup-20071214-120128-896 O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - judgemq.dll (file missing)
backup-20071214-120128-939 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20071214-120128-966 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
backup-20071214-120129-682 O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
backup-20071214-120129-731 O15 - Trusted Zone: http://*.rapmls.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
3 catchme - c:\docume~1\kamal\locals~1\temp\catchme.sys (file missing)
2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
3 GTKCMOS - c:\windows\system32\gtkcmos.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; PBA Driver>
3 PNDIS5 (PNDIS5 NDIS Protocol Driver) - c:\documents and settings\kamal\desktop\ap311w_setup\pndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\avira\antivir personaledition classic\sched.exe
2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
2 bmwebcfg (Bytemobile Web Configurator) - c:\windows\system32\bmwebcfg.exe
2 DataSvr2 - c:\program files\wave systems corp\common\dataserver.exe
2 dlbc_device - c:\windows\system32\dlbccoms.exe
3 GoToMyPC - c:\program files\citrix\gotomypc\g2svc.exe
2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
2 tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.25\bin\tcsd_win32.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2007-12-11 18:19:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-15 and 2007-12-15 -----------------------------

2007-12-13 15:04:44 0 d-------- C:\Documents and Settings\Kamal\Application Data\Bytemobile
2007-12-13 13:19:41 0 d-------- C:\Program Files\Avira
2007-12-13 13:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-13 12:08:57 0 d-------- C:\Program Files\Lavasoft
2007-12-13 12:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-13 11:29:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 11:01:09 0 d-------- C:\Program Files\p2pnetworks
2007-12-13 09:11:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 08:55:59 0 d-------- C:\Documents and Settings\Kamal\.housecall6.6
2007-12-13 08:11:30 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-13 08:10:29 22784 --a------ C:\WINDOWS\eventlowg.dll
2007-12-13 08:10:29 17920 --a------ C:\WINDOWS\daxtime.dll
2007-12-13 08:10:28 27136 --a------ C:\WINDOWS\system32\msole32.exe
2007-12-13 08:10:28 17408 --a------ C:\WINDOWS\liqui.exe
2007-12-13 08:10:27 15872 --a------ C:\WINDOWS\xadbrk_.exe
2007-12-13 08:10:27 19712 --a------ C:\WINDOWS\xadbrk.exe
2007-12-13 08:10:27 15616 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-12-13 08:10:27 19712 --a------ C:\WINDOWS\kkcomp.exe
2007-12-13 08:10:27 29440 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-12-13 08:10:27 14848 --a------ C:\WINDOWS\fhfmm.exe
2007-12-13 08:10:26 9472 --a------ C:\WINDOWS\liqad.exe
2007-12-13 08:10:26 15872 --a------ C:\WINDOWS\liqad$.exe
2007-12-13 08:10:26 12800 --a------ C:\WINDOWS\kkcomp$.exe
2007-12-13 08:10:25 24832 --a------ C:\WINDOWS\wbeInst$.exe
2007-12-13 08:10:25 22784 --a------ C:\WINDOWS\settn.dll
2007-12-13 08:10:25 14336 --a------ C:\WINDOWS\hcwprn.exe
2007-12-13 08:10:25 14336 --a------ C:\WINDOWS\cbinst$.exe
2007-12-13 08:10:24 22272 --a------ C:\WINDOWS\iexplorr23.dll
2007-12-13 08:10:24 11264 --a------ C:\WINDOWS\adbar.dll
2007-12-13 08:10:23 27136 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-12-13 08:10:23 14848 --a------ C:\WINDOWS\spredirect.dll
2007-12-13 08:10:23 12544 --a------ C:\WINDOWS\jd2002.dll
2007-12-13 08:10:22 0 d-------- C:\Program Files\e-zshopper
2007-12-13 08:10:21 0 d-------- C:\Program Files\amsys
2007-12-13 08:10:20 0 d-------- C:\WINDOWS\system32\acespy
2007-12-13 08:10:20 18688 --a------ C:\WINDOWS\system32\ace16win.dll
2007-12-13 08:10:20 11520 --a------ C:\WINDOWS\ie_32.exe
2007-12-13 08:10:20 11520 --a------ C:\WINDOWS\aconti.exe
2007-12-13 08:10:19 30976 --a------ C:\WINDOWS\xxxvideo.exe
2007-12-13 08:10:19 25856 --a------ C:\WINDOWS\ngd.dll
2007-12-13 08:10:18 19712 --a------ C:\WINDOWS\hotporn.exe
2007-12-13 08:10:18 22272 --a------ C:\WINDOWS\dp0.dll
2007-12-13 08:10:16 20224 --a------ C:\WINDOWS\vxddsk.exe
2007-12-13 08:10:16 30208 --a------ C:\WINDOWS\system32\wml.exe
2007-12-13 08:10:16 12800 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-12-13 08:10:16 0 d-------- C:\Program Files\akl
2007-12-13 08:10:15 26624 --a------ C:\WINDOWS\wml.exe
2007-12-13 08:10:15 25088 --a------ C:\WINDOWS\7search.dll
2007-12-13 08:10:14 15104 --a------ C:\WINDOWS\pbar.dll
2007-12-13 08:10:14 8192 --a------ C:\WINDOWS\flt.dll
2007-12-13 08:10:14 16384 --a------ C:\WINDOWS\764.exe
2007-12-12 17:11:32 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-12-12 15:27:57 25600 --a------ C:\WINDOWS\system32\judgemq.dll
2007-12-12 10:32:58 0 d-------- C:\Program Files\iPod
2007-12-12 10:32:19 0 d-------- C:\Program Files\iTunes
2007-12-12 10:28:55 0 d-------- C:\Program Files\QuickTime
2007-12-11 11:29:52 0 d-------- C:\Documents and Settings\Kamal\Application Data\Research In Motion
2007-12-11 11:27:38 0 d-------- C:\Documents and Settings\Kamal\Application Data\Blackberry Desktop
2007-12-07 16:37:04 256 --a------ C:\Documents and Settings\Kamal\pool.bin
2007-11-28 17:01:30 256 --a------ C:\WINDOWS\system32\pool.bin


-- Find3M Report ---------------------------------------------------------------

2007-12-14 08:55:19 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-12-13 11:29:40 0 d-------- C:\Program Files\Common Files
2007-12-13 08:44:54 0 d-------- C:\Documents and Settings\Kamal\Application Data\Wave Systems Corp
2007-12-12 13:28:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-12 13:28:46 0 d-------- C:\Program Files\eMusic Download Manager
2007-12-12 11:52:41 0 d-------- C:\Program Files\salesforce.com
2007-12-05 15:42:25 0 d-------- C:\Documents and Settings\Kamal\Application Data\webex
2007-11-28 16:58:35 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-11-04 13:01:35 0 d-------- C:\Documents and Settings\Kamal\Application Data\MetaProducts
2007-11-04 13:01:33 0 d-------- C:\Program Files\SubscribeNet Download Accelerator
2007-10-25 12:49:41 0 --a------ C:\WINDOWS\system32\PNDTF5
2007-10-23 06:24:57 0 d-------- C:\Program Files\MSECache
2007-10-16 06:44:42 9704 --a------ C:\Documents and Settings\Kamal\Application Data\SmarThruOptions.xml
2007-10-16 06:32:31 0 d-------- C:\Program Files\Java
2007-10-15 22:41:06 0 d-------- C:\Program Files\Artscan5


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 12:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 12:35]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-29 13:28]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 14:03]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"WD Button Manager"="WDBtnMgr.exe" [2007-08-27 17:53 C:\WINDOWS\system32\WDBtnMgr.exe]
"Whitney2_S2P"="C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe" [2007-01-26 00:33]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2007-01-21 23:55]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-04-06 17:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-13 14:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:52]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-29 13:28:40]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-01-30 17:11:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 16:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-12-15 16:11:18 ------------

There is a detoured.dll.vir in c:\windows\system32.
Folder C:\Qoobox does exist.
I cannot seem to find ComboFix-quarantined-files.txt

Hi,

There are still a lot of malware related files present here, so let's delete them.

Perform next instructions..

* Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt.exe to run it.
• Where it says: "Paste List of Files/Folders to be Moved", copy and paste next bold part into that Window:
  
  C:\Program Files\p2pnetworks
  C:\WINDOWS\system32\stfv.bin
  C:\WINDOWS\eventlowg.dll
  C:\WINDOWS\daxtime.dll
  C:\WINDOWS\system32\msole32.exe
  C:\WINDOWS\liqui.exe
  C:\WINDOWS\xadbrk_.exe
  C:\WINDOWS\xadbrk.exe
  C:\WINDOWS\liqui-Uninstaller.exe
  C:\WINDOWS\kkcomp.exe
  C:\WINDOWS\fhfmm-Uninstaller.exe
  C:\WINDOWS\fhfmm.exe
  C:\WINDOWS\liqad.exe
  C:\WINDOWS\liqad$.exe
  C:\WINDOWS\kkcomp$.exe
  C:\WINDOWS\wbeInst$.exe
  C:\WINDOWS\settn.dll
  C:\WINDOWS\hcwprn.exe
  C:\WINDOWS\cbinst$.exe
  C:\WINDOWS\iexplorr23.dll
  C:\WINDOWS\adbar.dll
  C:\WINDOWS\system32\ESHOPEE.exe
  C:\WINDOWS\spredirect.dll
  C:\WINDOWS\jd2002.dll
  C:\Program Files\e-zshopper
  C:\Program Files\amsys
  C:\WINDOWS\system32\acespy
  C:\WINDOWS\system32\ace16win.dll
  C:\WINDOWS\ie_32.exe
  C:\WINDOWS\aconti.exe
  C:\WINDOWS\xxxvideo.exe
  C:\WINDOWS\ngd.dll
  C:\WINDOWS\hotporn.exe
  C:\WINDOWS\dp0.dll
  C:\WINDOWS\vxddsk.exe
  C:\WINDOWS\system32\wml.exe
  C:\WINDOWS\system32\vxddsk.exe
  C:\Program Files\akl
  C:\WINDOWS\wml.exe
  C:\WINDOWS\7search.dll
  C:\WINDOWS\pbar.dll
  C:\WINDOWS\flt.dll
  C:\WINDOWS\764.exe
  C:\WINDOWS\system32\dpqaqlqx.bin
  C:\WINDOWS\system32\judgemq.dll
  
  
  
• Then click the red Moveit! button below.
• Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.. Then it will reboot your computer.
Even though OTMoveIT didn't ask to reboot your computer - reboot anyway, this since moved files may still be in use.

Then, after reboot, go to next folder: C:\_OTMoveIt\MovedFiles and search for the log: ********_******.log (the * stands for date and time) and post the contents of it in your next reply.

Ah, ok.

So the detoured.dll.vir is present in the C:\Qoobox\C\Windows\system32 folder? Or in the C:\Windows\system32 folder?

In anyway, the detoured.dll should be in your C:\Windows\system32 folder, so in case it's already present in the C:\Windows\system32 folder, rightclick it and choose rename and rename it to detoured.dll (without the .vir extension)
In case detoured.dll.vir present in the C:\Qoobox\C\Windows\system32 folder, rightclick that one, select rename and rename it back to detoured.dll
Then copy that one to your C:\Windows\system32 folder.

Also, can you send me a copy of this detoured.dll ?
To do this, Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to the detoured.dll.vir (or detoured.dll in case you already renamed it back)

Select it and click ok.
Then click the Send File button below.

The detoured.dll.vir is present in the C:\Windows\system32 folder. renamed it to detoured.dll.
IT is also present in c:\386 folder

I have uploaded the detoured.dll.vir file

Here is the logfile after running OTmoveit and rebooting. I did get warnings that certain files are not registered.

C:\Program Files\p2pnetworks moved successfully.
C:\WINDOWS\system32\stfv.bin moved successfully.
LoadLibrary failed for C:\WINDOWS\eventlowg.dll
C:\WINDOWS\eventlowg.dll NOT unregistered.
C:\WINDOWS\eventlowg.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\daxtime.dll
C:\WINDOWS\daxtime.dll NOT unregistered.
C:\WINDOWS\daxtime.dll moved successfully.
C:\WINDOWS\system32\msole32.exe moved successfully.
C:\WINDOWS\liqui.exe moved successfully.
C:\WINDOWS\xadbrk_.exe moved successfully.
C:\WINDOWS\xadbrk.exe moved successfully.
C:\WINDOWS\liqui-Uninstaller.exe moved successfully.
C:\WINDOWS\kkcomp.exe moved successfully.
C:\WINDOWS\fhfmm-Uninstaller.exe moved successfully.
C:\WINDOWS\fhfmm.exe moved successfully.
C:\WINDOWS\liqad.exe moved successfully.
C:\WINDOWS\liqad$.exe moved successfully.
C:\WINDOWS\kkcomp$.exe moved successfully.
C:\WINDOWS\wbeInst$.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\settn.dll
C:\WINDOWS\settn.dll NOT unregistered.
C:\WINDOWS\settn.dll moved successfully.
C:\WINDOWS\hcwprn.exe moved successfully.
C:\WINDOWS\cbinst$.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\iexplorr23.dll NOT unregistered.
C:\WINDOWS\iexplorr23.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\adbar.dll
C:\WINDOWS\adbar.dll NOT unregistered.
C:\WINDOWS\adbar.dll moved successfully.
C:\WINDOWS\system32\ESHOPEE.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\spredirect.dll
C:\WINDOWS\spredirect.dll NOT unregistered.
C:\WINDOWS\spredirect.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\jd2002.dll
C:\WINDOWS\jd2002.dll NOT unregistered.
C:\WINDOWS\jd2002.dll moved successfully.
C:\Program Files\e-zshopper moved successfully.
C:\Program Files\amsys moved successfully.
C:\WINDOWS\system32\acespy moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\ace16win.dll NOT unregistered.
C:\WINDOWS\system32\ace16win.dll moved successfully.
C:\WINDOWS\ie_32.exe moved successfully.
C:\WINDOWS\aconti.exe moved successfully.
C:\WINDOWS\xxxvideo.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\ngd.dll
C:\WINDOWS\ngd.dll NOT unregistered.
C:\WINDOWS\ngd.dll moved successfully.
C:\WINDOWS\hotporn.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\dp0.dll
C:\WINDOWS\dp0.dll NOT unregistered.
C:\WINDOWS\dp0.dll moved successfully.
C:\WINDOWS\vxddsk.exe moved successfully.
C:\WINDOWS\system32\wml.exe moved successfully.
C:\WINDOWS\system32\vxddsk.exe moved successfully.
C:\Program Files\akl moved successfully.
C:\WINDOWS\wml.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\7search.dll
C:\WINDOWS\7search.dll NOT unregistered.
C:\WINDOWS\7search.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\pbar.dll
C:\WINDOWS\pbar.dll NOT unregistered.
C:\WINDOWS\pbar.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\flt.dll
C:\WINDOWS\flt.dll NOT unregistered.
C:\WINDOWS\flt.dll moved successfully.
C:\WINDOWS\764.exe moved successfully.
C:\WINDOWS\system32\dpqaqlqx.bin moved successfully.
C:\WINDOWS\system32\judgemq.dll unregistered successfully.
C:\WINDOWS\system32\judgemq.dll moved successfully.

Created on 12-15-2007 16:36:42

Thanks for the file. I am 99 sure it is indeed related with EMBASSY Trust Suite by Wave Systems, so not sure why it got renamed by a scanner. This detour.dll is most probably loaded by the wxvault.dll (which is also related with EMBASSY Trust Suite by Wave Systems) which explains why you are getting an error everytime when you run most applications. Because wxvault.dll is loaded under the Appinit_dlls, which means it's loaded under every application that also loads user32.dll.

From your Avira report, it didn't report detoured.dll, so I guess Avira didn't touch that one.
I know Combofix renames files to a .vir extension, however, it should move the files to the C:\qoobox folder then. In your case, it was still present in your main C:\Windows\system32 folder.
But since Combofix actually never finished, that may explain why it wasn't moved.

Anyway, rename the detoured.dll.vir back to detoured.dll

Yes, that's normal. Don't worry about this. Actually, most of these dll files were "dummy" files.

Can you rescan with Deckard System Scanner and post the new log please?

Here is the latest DSS main.txt



Deckard's System Scanner v20071014.68
Run by Kamal on 2007-12-15 16:58:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kamal.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58, on 2007-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kamal\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Kamal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061229
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Whitney2_S2P] C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-3724536998-278711202-4277585375-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187412633250
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} (CMMHost Object) - https://na3.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
O16 - DPF: {A8339A6D-BB2D-4036-95A4-07E140D0A906} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AB883AA5-F28E-462B-B2D7-8E3717FE933C} (SFCom Control) - https://na3.salesforce.com/setup/sforce/vm/SFCom.CAB
O16 - DPF: {AC954BAA-E9CF-4A31-8558-E4FBDDA7E3CC} - https://na3.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {AEA85AB7-A039-4119-BE17-B2908A5D347A} - https://na3.salesforce.com/setup/sforce/off...ForceOffice.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mentor.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {FB2B4949-13E9-43DE-8185-A8A27C225107} (CInstalledApps Object) - https://na3.salesforce.com/dwnld/IPChecker/...eAutoUpdate.cab
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 11274 bytes

-- Files created between 2007-11-15 and 2007-12-15 -----------------------------

2007-12-15 15:12:43 4096 --a------ C:\WINDOWS\system32\detoured.dll
2007-12-13 15:04:44 0 d-------- C:\Documents and Settings\Kamal\Application Data\Bytemobile
2007-12-13 13:19:41 0 d-------- C:\Program Files\Avira
2007-12-13 13:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-13 12:08:57 0 d-------- C:\Program Files\Lavasoft
2007-12-13 12:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-13 11:29:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 09:11:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-13 08:55:59 0 d-------- C:\Documents and Settings\Kamal\.housecall6.6
2007-12-12 10:32:58 0 d-------- C:\Program Files\iPod
2007-12-12 10:32:19 0 d-------- C:\Program Files\iTunes
2007-12-12 10:28:55 0 d-------- C:\Program Files\QuickTime
2007-12-11 11:29:52 0 d-------- C:\Documents and Settings\Kamal\Application Data\Research In Motion
2007-12-11 11:27:38 0 d-------- C:\Documents and Settings\Kamal\Application Data\Blackberry Desktop
2007-12-07 16:37:04 256 --a------ C:\Documents and Settings\Kamal\pool.bin
2007-11-28 17:01:30 256 --a------ C:\WINDOWS\system32\pool.bin


-- Find3M Report ---------------------------------------------------------------

2007-12-15 16:33:43 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-12-13 11:29:40 0 d-------- C:\Program Files\Common Files
2007-12-13 08:44:54 0 d-------- C:\Documents and Settings\Kamal\Application Data\Wave Systems Corp
2007-12-12 13:28:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-12 13:28:46 0 d-------- C:\Program Files\eMusic Download Manager
2007-12-12 11:52:41 0 d-------- C:\Program Files\salesforce.com
2007-12-05 15:42:25 0 d-------- C:\Documents and Settings\Kamal\Application Data\webex
2007-11-28 16:58:35 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-11-04 13:01:35 0 d-------- C:\Documents and Settings\Kamal\Application Data\MetaProducts
2007-11-04 13:01:33 0 d-------- C:\Program Files\SubscribeNet Download Accelerator
2007-10-25 12:49:41 0 --a------ C:\WINDOWS\system32\PNDTF5
2007-10-23 06:24:57 0 d-------- C:\Program Files\MSECache
2007-10-16 06:44:42 9704 --a------ C:\Documents and Settings\Kamal\Application Data\SmarThruOptions.xml
2007-10-16 06:32:31 0 d-------- C:\Program Files\Java
2007-10-15 22:41:06 0 d-------- C:\Program Files\Artscan5


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 12:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 12:35]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-29 13:28]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-14 14:03]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"WD Button Manager"="WDBtnMgr.exe" [2007-08-27 17:53 C:\WINDOWS\system32\WDBtnMgr.exe]
"Whitney2_S2P"="C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe" [2007-01-26 00:33]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2007-01-21 23:55]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-04-06 17:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-13 14:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:52]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-29 13:28:40]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-01-30 17:11:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 16:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-12-15 16:58:40 ------------

Hi,

This looks OK again.

* Open OTMoveIt and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OtMoveIt will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.

Let me know in your next reply how things are now.

Things look pretty good. No .dll error. Popups are gone. The only thing I have noticed is that the system is running quite slow. booting and running apps but everything else looks good.

Yes, but you do have a lot of programs starting up with Windows as well which are loaded in the background, so that explains it

Please take a look here to improve system performance and read my Prevention page with lots of info and tips how to prevent this in the future.

Happy Surfing again!

Thank you so much. You are the best--I am so grateful to you

You're most welcome

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !