Sorry to be adding to the multiple posts on this, but I tried everything to no avail.
On 4/29 my ZoneAlarm kept bugging me about a registry change that wanted to take place; stupid me thought it was an MS update b/c it was so persistent (and b/c I had just turned on my computer). I allowed it, then bam.
I am running Avast Home 4.8, it picks up the trojan in the memory test that runs before the scan commences. It is always the same .dll that is infected, found in
c:\WINNIT\system32\xevrbebc.dll
The rest of the scan is clean. I ran Avast multiple times and tried to remove it but it can’t, tried to run it in safe mode, still can’t, ran Spybot, cleaned some stuff up, ran Vundofix and VirtumundoBeGone in reg & safe modes, nada, & was going to try to manually remove the .dll myself w/Unlocker but it showed that many apps were tied to it, was afraid to delete b/c I have no idea what I am doing. I also ran AVG Anti-Rootkit twice and came up clean both times.
I cleaned all w/CCleaner, rebooted, then ran DSS and have the current version of HiJackThis installed. The main.txt from DSS follows, the HiJackThis log is identical except for the line numbering. Let me know if I should DL/run ComboFix & post that log.
BTW, I haven’t noticed any persistent negative effects from the trojan in the few times that I have used the laptop since infection, though I have decided to stop using that laptop (I’m posting on another now, using a USB drive to transfer info). It’s an older laptop but has served me well. The problems that have popped up are a physical dumping of memory, causing the laptop to restart (I have 2 gigs of 17 total free on my hard drive, am running basic RAM levels, perhaps I am cutting it too close?) - this happens a few minutes after start up, once scandisk runs it stabilizes. I think I do recall errant pop ups for spyware cleaners too - characteristic symptoms of this trojan according to what I have read.
Okay, the log will follow in the next post, I can’t get all of this into 1 w/o exceeding the character max. I’m sorry to be verbose, thought that the more info provided the better, thanks in advance for your help!