
Huntbar, popups, No Roadrunner Connection


  • This topic is locked
34 replies to this topic

#16 BobDylan

BobDylan

    Authentic Member

  • Authentic Member
  • PipPip
  • 90 posts

Posted 30 March 2005 - 11:28 PM

Quiet - not having much luck here. Spent most of last night getting the Kaspersky results, and finally got it to work today.
But it said both of the winlogon.exe files were okay. Although the second one was displayed like this on the results screen: w'nlogon.exe, whereas the first one was displayed as: winlogon.exe, if that means anything.
Good news is that AdAware actually came up clean this time, but SpyBot still has that Huntbar which it can't fix. Then I had problems with the Microsoft AntiSpyware Beta scan. For all 3 scan options, it would get stuck in the registry during the HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Tools part and become unresponsive where I would have to turn the power off to restart the PC. For the parts it did scan, it did return about 39 items I think - mostly things like eZula, etc - although I didn't think to write them down before I rebooted. I'm going to try to reinstall that again to see if it will work better, but I just wanted to keep you updated.
And if you do have that regcleaner program handy, I think I would like to use it as I think I have some problems in the registry. The PC runs about the same - sometimes it will connect to Roadrunner, but after a few minutes it stops responding.
Thanks,
Pete

And if you need it here's the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:25:39 AM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\HJT\HijackThis.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.rr.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7BEC965-8019-46F1-855C-B31ACB970D42}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)


#17 QuietFusion

QuietFusion

    Authentic Member

  • Authentic Member
  • PipPip
  • 221 posts
  • Interests:Security * Computers

Posted 30 March 2005 - 11:33 PM

Try the Microsoft scan in safe mode. To boot into safe mode, reboot, and during that reboot press F8 and select safe mode. Run the scan from safe mode. The w'nlogon.exe wasn't flagged by Kaspersky? Meaning it identified that file as a virus or trojan? Let me know if the safe mode scan works, please.
You Want Security? Disable javascript and ActiveX!!

#18 BobDylan

Posted 31 March 2005 - 12:04 AM

I'll do that scan in safe mode right now and post back. And the w'nlogon.exe was not flagged by Kaspersky as a virus or trojan - it said it was okay.
Pete

#19 BobDylan

Posted 31 March 2005 - 01:21 AM

Well, still couldn't complete the Microsoft AntiSpyware scan in Safe Mode either - tried reinstalling the program, and did a few different scans but it still stops responding once it hits that one HKEY_LOCAL_MACHINE part every time. It did manage to come up with 12 items before it stalled, which I wrote down this time:

Ezula.TopText Adware (4 signatures) VirtualBouncer Adware MySearchBarBrowser Plug In eXact Bargain Buddy (3 signatures) vx2.ABetterInternet Adware 180SearchAssistant Adware (2 signatures) AproposMediaBrowser Modifier (7 signatures) PowerReg Scheduler Spyware Exact.Downloader TrojanDownloader MediaTickets CDT Software Avenue Media.DyFuCA (3 signatures) WinTools Trojan

I'm not sure if it would have fixed these as it stops responding, and I don't think any of these were picked up by SpyBot also. (If it helps - a couple times a message popped up during the scan stating the Virtual Memory was too low and that it was repaging, but after that it never got going again, so I'm not sure if I need to change some settings with the Virtual Memory but I'm not sure how to do that.)
Thanks,
Pete

#20 QuietFusion

Posted 31 March 2005 - 02:06 AM

Playing anti-spy right now, let me see if I can figure out a way to complete the scan.

#21 QuietFusion

Posted 31 March 2005 - 02:28 AM

Please tell me your setting configuration you have right now.
Click Scan Options: Are you using Intelligent Quick Scan or Full System Scan?
Secondly, Click Options > Go To Settings > Real-Time Protection > Uncheck both 'Startup Options' and 'Real-time spyware threat protection'. Now try a scan and see if it works.
Lastly, I need to know the exact key it is freezing on, I'll cull through the MS databases and see if there are any known problems with Anti-spy freezing on a certain key. The more info the better.

#22 BobDylan

Posted 31 March 2005 - 04:33 PM

I've tried it in both Intelligent Quick Scan and Full System Scan (as well as the Deep Scan), and they all get stuck the same. Also tried just doing separate folders, but I'm not sure which one to deselect so it doesn't do the HKEY_LOCAL_MACHINE area. Just tried deselecting the Startup Options and RealTime Spyware Threat Protection in the Settings and it did the same thing.
This is the exact folder that it always gets stuck on:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/WinTools
I'll try some other options again to see if I can complete a scan.
Thanks

#23 QuietFusion

Posted 01 April 2005 - 02:56 AM

Looks like we are going to manually delete that entry.
Click Start > Run > type regedit and hit Enter > navigate to the following key:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/WinTools
Find HKEY_LOCAL_MACHINE and click > Find 'Software' and click > Find 'Microsoft' and click > Find 'Windows' and click > Find 'CurrentVersion' and click > Find 'Uninstall' and click > Finally, when you get to wintools, right-click and select delete.
Close out Regedit and let's see if that helps the scan complete.

#24 BobDylan

Posted 01 April 2005 - 04:05 PM

That worked Quiet - I had tried every other option in the Anti SpyWare options tab, reset the Virtual Memory, and some other things but it was still getting stuck during the scan. At first the regedit wouldn't let me delete the WinTools folder - but I clicked on a 'Permissions' option that comes up when you right-click the folder and made some changes that allowed me to delete it.

Just a couple things though - there were 2 other folders in the registry right under the WinTools one, named WinTools_ADKW and WinTools_ESIES. They also can't be deleted (unless you get permission I guess, which I haven't done yet), and when I click on them to see their contents, it was the same as the WinTools folder which I deleted: had a little boxlike thing with "ab" inside it, followed by "(default) REG_52 (value not set)". But I'm figuring if the scan works now, that I'll leave those alone, unless you think they might cause something to come back again.

The other thing is, that after clicking remove on the detected items for the Anti Spyware scan and rebooting, I find that there's 3 items that keep being detected again when I run the scan to see if it's clean. (The scan had checked to ignore or quarantine some I think, but I hit remove for all of them - hope that was right.) These are the 3 items that keep reappearing on the full scan:

Transponder. DLMax Transponder.Farmmext Adm Transponder.PynixSpyware

I remember that the farmmext thing was something that TrojanHunter couldn't delete, so I don't know if that's the next thing to work on, and I'm not sure what to make of the other two. The good news is that HuntBar hasn't come up on the SpyBot scan after doing it 2 or 3 times now - so I think you nailed that one!

And one other thing from a few posts ago - I see there's also a file analyzer on the Microsoft Anti Spyware tool (like Kaspersky's). I put both of those winlogon.exe files through them - nothing suspicious was found, but the second one was read as 'w?nlogon.exe' when the report came up - so I'm wondering if that one should be deleted as you thought one was a virus (and if it matters they are both about the same size).

Let me know what you think of all this - and if you have any recommendations on which programs to keep going to keep me clean I'd really appreciate it. Finally, when I last checked, the PC seemed to be connecting fine to RoadRunner and the internet with both IE and Firefox after making that little registry deletion and Huntbar removal, so hopefully it will stay like that as that's been a problem.
Thanks again!
Pete
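An added example, not part of any post in this thread: a file that one tool lists as winlogon.exe and another prints as w'nlogon.exe or w?nlogon.exe may have a character in its name that the second tool cannot render. Assuming that explanation, this Python sketch flags file names that read like a Windows system process without being exactly that name; the look-alike table, function names and sample listing are constructed for illustration.

```python
import ntpath
import unicodedata

# System process names, taken from the HijackThis logs in this thread.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# Constructed, deliberately small table of look-alike letters (assumption:
# a production check would use the full Unicode confusables data).
CONFUSABLES = {
    "\u0456": "i", "\u0131": "i", "\u03b9": "i",  # Cyrillic, dotless, Greek i
    "\u043e": "o", "\u03bf": "o",                 # Cyrillic, Greek o
    "\u0435": "e", "\u0430": "a", "\u0455": "s",  # Cyrillic e, a, s
    "\u0441": "c", "\u0445": "x",                 # Cyrillic c, x
}

def skeleton(name):
    """Fold a file name to the ASCII string a person would read it as."""
    out = []
    for ch in unicodedata.normalize("NFKD", name.casefold()):
        if unicodedata.combining(ch):
            continue  # drop accents and other combining marks
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def within_one_edit(a, b):
    """True if a and b differ by one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(path):
    """Return (verdict, system name it resembles or None) for one path."""
    name = ntpath.basename(path)
    if name.isascii() and name.casefold() in SYSTEM_NAMES:
        return ("exact", name.casefold())
    skel = skeleton(name)
    if skel in SYSTEM_NAMES:
        return ("homoglyph", skel)      # reads identically, different bytes
    for known in sorted(SYSTEM_NAMES):
        if within_one_edit(skel, known):
            return ("near-match", known)  # e.g. a '?' placeholder or a typo
    return ("unrelated", None)

def scan(paths):
    """Return (path, verdict, resembles) for names imitating a system process."""
    hits = []
    for p in paths:
        verdict, target = classify(p)
        if verdict in ("homoglyph", "near-match"):
            hits.append((p, verdict, target))
    return hits

# Constructed sample listing; the second name contains Cyrillic U+0456.
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    "C:\\WINDOWS\\system32\\w\u0456nlogon.exe",
    r"C:\WINDOWS\system32\w?nlogon.exe",  # name as a report printed it
    r"C:\WINDOWS\system32\LEXBCES.EXE",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A name check like this only narrows down which files deserve a closer look; it says nothing about what the file contains.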

#25 BobDylan

Posted 01 April 2005 - 07:23 PM

Just a quick update - the PC is back to acting finicky again and won't connect to the internet with IE or Firefox, I suspect it's due to some trojans that couldn't be cleared. AdAware and Spybot are coming up clean still, but Trojan Hunter has 3 trojans that it can't get rid of. These are:

C:\WINDOWS\Temp\DrTemp\bho_prob.exe
C:\WINDOWS\Temp\DrTemp\thnall1p.exe
C:\WINDOWS\Temp\THI3D29.tmp\farmmext.exe

I can find these 3 folders in the C:\WINDOWS\Temp folder (not the Temporary Internet Files folder), and when you open them they have the Farmmext Adware, and some other folders for the DLMax and Pynix Spyware that couldn't be deleted by the AntiSpyware beta. So, I'm real tempted to delete everything in this WINDOWS\Temp folder as it seems it would take care of these left over Trojans and Spyware that the other tools aren't deleting. Let me know what you think about doing that, as well as about the other WinTools folders and winlogon.exe files from my last post.
Thanks!
Pete


#26 QuietFusion

Posted 02 April 2005 - 02:09 AM

To clean out the temp folder run the cleanup! program I had you download a few posts back. Remove those wintools entries in your registry, you don't need any of them. I am a little confused, are you able to complete an Anti-Spy scan or not?

#27 BobDylan

Posted 02 April 2005 - 10:38 AM

Sorry for all the confusion - but yes, the Anti Spyware scan does work now. It will clean out everything it detects, but I see now that it did its scheduled scan at 3:00 AM and came up with 22 more items again - some of which had been previously deleted. I'll delete those other 2 WinTools items in the registry and clean out the Temp folder also.
Thanks,
Pete

#28 QuietFusion

Posted 02 April 2005 - 02:51 PM

I have had the same problem, Anti-spy finds the same items in successive scans. Can you please post a fresh HijackThis scan just to make sure we've cleaned everything out. How is the computer running now?

#29 BobDylan

Posted 02 April 2005 - 03:12 PM

I think I found the problem - those 3 items that can't be deleted all are part of the Transponder virus it seems, which after doing some research seems to be a tough one to get rid of. The CleanUp program doesn't clean out the Temp file that the folders are in, and if you try to do it manually it says that access is denied. Some sites say you have to rename the files a certain way which looks kind of complicated to me, and a site I'm looking at says the subkeys can be deleted in the Registry HKEY_LOCAL_MACHINE/SOFTWARE but I can't find the right ones, and I guess there's several of them. Again, mine are the DLMax, Farmmext, and Pynix groups.
This is the site I'm looking at now for help, but there are a lot of others to check also:

http://www.spy-bot.net/Transponder.asp

The computer is the same otherwise, works pretty good in AOL just a little slow, but still can't connect by Roadrunner through IE or Firefox, and it seems it's all due to this Transponder thing I'm guessing.

Here's my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:10:51 PM, on 4/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\regedit.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.rr.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7BEC965-8019-46F1-855C-B31ACB970D42}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)

Thanks and let me know what you think about the Transponder removal.
Thanks!
Pete
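An added example, not part of any post: the 31 March and 2 April HijackThis logs above are long enough that comparing them by eye is error-prone, so this Python sketch parses two logs, reports what appeared or disappeared between them, and marks entries reading "(file missing)" or "Unknown owner". The inputs are short excerpts of the two logs posted in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log_text):
    """Split a log into running-process paths and (section, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_flags(entries):
    """Entries worth reading first: dangling references, services with no owner."""
    flagged = []
    for section, detail in entries:
        reasons = []
        if "(file missing)" in detail:
            reasons.append("file missing")
        if section == "O23" and "Unknown owner" in detail:
            reasons.append("unknown owner")
        if reasons:
            flagged.append((section, detail, reasons))
    return flagged

def diff(old_text, new_text):
    """What appeared and disappeared between two logs of the same machine."""
    old_p, old_e = parse(old_text)
    new_p, new_e = parse(new_text)
    old_pl = {p.lower() for p in old_p}  # Windows paths compare case-insensitively
    new_pl = {p.lower() for p in new_p}
    return {
        "new_processes": [p for p in new_p if p.lower() not in old_pl],
        "gone_processes": [p for p in old_p if p.lower() not in new_pl],
        "new_entries": [e for e in new_e if e not in old_e],
        "gone_entries": [e for e in old_e if e not in new_e],
    }

# Excerpts of the two logs posted in this thread (most lines left out).
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\regedit.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

if __name__ == "__main__":
    for kind, items in diff(OLD_LOG, NEW_LOG).items():
        print(kind, items)
    for section, detail, reasons in review_flags(parse(NEW_LOG)[1]):
        print(section, reasons, detail)
```

A flag here means only that the entry should be read by a person: "Unknown owner" is what HijackThis prints when it finds no company name for a service's file, which is also true of some legitimate drivers.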

#30 QuietFusion

Posted 02 April 2005 - 03:25 PM

Download the following removal utility and save to your desktop.
http://securityrespo...er/FixBinet.exe

Now boot into safe mode (during reboot press F8 and select safe mode). Once in safe mode run the uninstall utility twice.

Next, check your temp folder and see if you can delete the temp files in that folder.

Reboot back into normal mode and run a couple of scans to see if it finds anything. Ad-aware, Spy-bot, and Anti-Spy.

Is TrojanHunter finding anything?
