04-30-2007, 01:55 PM   #25
jross1943
Registered User
 
Join Date: Jan 2007
Location: Southeast
Posts: 70
OS: XP/sp2


Re: Help - win32 Trojan

As I'm sure you're aware, I had to get back online to run the AV scan. Here is the DSS log you requested. It was necessary to rename the BitDefender file from .html to .txt in order to upload. If you have trouble viewing it, just change the extension back to .html.

Cheers,

Johh
-------------------
Deckard's System Scanner v20070423.42
Run by David on 2007-04-30 at 15:46:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:47:06 PM, on 4/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\David\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\David.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwka.ops.placeware.com/etc/...uicksilver.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SP Software Installer - Unknown owner - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe (file missing)
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe


-- Files created between 2007-03-30 and 2007-04-30 -----------------------------

2007-04-30 1327 0 d-------- C:\quarantine
2007-04-30 12:14:17 0 d-------- C:\WINDOWS\BDOSCAN8
2007-04-27 11:56:36 0 d-------- C:\Documents and Settings\David\DoctorWeb
2007-04-27 11:51:44 0 d-------- C:\Program Files\Common Files\Java
2007-04-27 11:51:02 0 d-------- C:\Documents and Settings\David\Application Data\Sun
2007-04-27 03:00:55 0 d-------- C:\WINDOWS\System32\PreInstall
2007-04-26 15:03:43 49152 --a------ C:\WINDOWS\nircmd.exe <Not Verified; NirSoft; NirCmd; 1.85; 1.85>
2007-04-26 14:47:50 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
2007-04-26 14:47:12 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-04-26 09:40:30 3968 --a------ C:\WINDOWS\System32\drivers\AvgAsCln.sys <Not Verified; GRISOFT, s.r.o.; AVG7 Clean Driver; 1.0.0.14; 1.0.0.14>
2007-04-26 09:17:58 974914 --a------ C:\WINDOWS\System32\RC48E140.DLL <Not Verified; RICOH CO., LTD.; RICOH RPCS Printer Driver; 1.00; 7.3.0>
2007-04-26 09:17:58 32768 --a------ C:\WINDOWS\System32\RC00C140.dll <Not Verified; RICOH CO., LTD.; RC00C140; 7.3.0; 7.3.0>
2007-04-26 09:17:57 61440 --a------ C:\WINDOWS\System32\TrackID.dll <Not Verified; RICOH COMPANY,LTD.; Track ID; 1, 0, 4, 1; 1, 0, 4, 1>
2007-04-26 09:17:57 69632 --a------ C:\WINDOWS\System32\TIFmtA.dll <Not Verified; RICOH COMPANY,LTD.; Track ID; 1, 0, 4, 0; 1, 0, 4, 0>
2007-04-26 09:17:57 49152 --a------ C:\WINDOWS\System32\TIBase64.dll <Not Verified; RICOH COMPANY,LTD.; Track ID; 1, 0, 1, 0; 1, 0, 1, 0>
2007-04-26 09:17:57 262364 --a------ C:\WINDOWS\System32\rpcsecl.dll <Not Verified; RICOH; RICOH RPCS Printer Driver Module rpcsecl; 3, 3, 3, 0; 3, 3, 3, 0>
2007-04-26 09:17:57 221184 --a------ C:\WINDOWS\System32\RICJC32.dll <Not Verified; RICOH CO.,Ltd.; RICJC32; 1, 3, 4, 0; 1, 3, 4, 0>
2007-04-26 09:17:57 61440 --a------ C:\WINDOWS\System32\rdrvlog.dll <Not Verified; RICOH; RICOH rdrvlog; 0, 3, 7, 0; 0, 3, 7, 0>
2007-04-26 09:17:57 57344 --a------ C:\WINDOWS\System32\rdrvinf.dll <Not Verified; RICOH Co.,Ltd.; RICOH RPDL Driver; 6, 3, 1, 0; 6, 3, 1, 0>
2007-04-26 09:17:57 77824 --a------ C:\WINDOWS\System32\RCPRINT.dll <Not Verified; RICOH CO., LTD.; RICOH RPCS Printer Driver; 1.3.1.0; 1.3.1.0>
2007-04-26 09:17:57 126976 --a------ C:\WINDOWS\System32\Rc4manNT.dll <Not Verified; RICOH CO., LTD.; RC4MAN; 4, 0, 5, 0; 4, 0, 5, 0>
2007-04-26 09:17:57 167936 --a------ C:\WINDOWS\System32\JCUI.exe <Not Verified; Ricoh Co.,Ltd.; JCUI; 1, 3, 3, 0; 1, 3, 3, 0>
2007-04-26 09:17:56 53248 --a------ C:\WINDOWS\System32\RICDB32.dll <Not Verified; RICOH CO.,Ltd.; RICDB; 1, 1, 3, 0; 1, 1, 3, 0>
2007-04-26 09:17:56 27136 --a------ C:\WINDOWS\System32\RCINST.dll <Not Verified; RICOH CO., LTD.; RICOH RPCS Printer Driver; 0, 2, 0, 2; 2.0.2>
2007-04-26 09:17:56 32768 --a------ C:\WINDOWS\System32\rc4mon.dll <Not Verified; RICOH CO.,Ltd.; RC4MON; 3, 3, 1, 0; 3, 3, 1, 0>
2007-04-26 09:17:56 1236992 --a------ C:\WINDOWS\System32\MP450dat.dll <Not Verified; RICOH CO., LTD.; MP450dat.dll; 1, 0, 0, 0; 1, 0, 0, 0>
2007-04-26 09:17:56 37376 --a------ C:\WINDOWS\System32\MFRICRES.dll <Not Verified; RICOH CO.,Ltd.; MFRICRES; 1, 0, 3, 0; 1, 0, 3, 0>
2007-04-26 09:17:56 0 d--h----- C:\_rpcs
2007-04-25 14:55:37 2552 --a------ C:\WINDOWS\System32\tmp.reg
2007-04-25 14:55:09 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS; ; >
2007-04-25 14:55:09 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility; 2, 0, 0, 0; 2, 0, 0, 0>
2007-04-25 14:55:09 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2007-04-25 12:00:08 0 d-------- C:\Program Files\Hijack This
2007-04-08 20:58:22 0 d-------- C:\Documents and Settings\David\Application Data\MSN6


-- Find3M Report ---------------------------------------------------------------

2007-04-27 11:53:54 0 d-------- C:\Program Files\Java
2007-04-27 11:50:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-26 14:47:52 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-26 11:37:58 0 d-------- C:\Program Files\Common Files\Companion Wizard
2007-04-08 20:03:07 0 d-------- C:\Documents and Settings\David\Application Data\PhotoParade


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQDFWAG"="C:\\WINDOWS\\Cpqdiag\\CpqDfwAg.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\D-Link REG Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\D-Link REG Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\D-Link\\AIRPLU~1\\Reg.exe "
"item"="D-Link REG Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CHKADMIN"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Compaq\\COMPAQ~1\\CHKADMIN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb07"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdaterUI"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fppdis2a"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis2a.exe\" /source=HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SHSTAT"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ip6FwHlp"=dword:00000003
"cpqWebDmi"=dword:00000002
"CPQALERT"=dword:00000002
"awhost32"=dword:00000003
"Ati HotKey Poller"=dword:00000002
"ACS"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-30 at 15:47:30 ---------
Attached Files
File Type: txt BitDefender.txt (52.0 KB, 1 views)
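For anyone triaging a log like the one above by hand, the following is an added example (my own code, not the poster's and not part of Deckard's System Scanner or HijackThis) that parses HijackThis-style O-lines and flags the entries a helper usually looks at first. The sample lines are copied from the log in this post; the flag rules (orphaned "(file missing)" references, services with no vendor string, Winlogon Notify DLLs, ActiveX DPF downloads, and Run entries that use a bare filename instead of a full path) are my own heuristics, and a flag means "verify", not "malicious". The Entry class, the triage_log function and the SAMPLE_LOG constant are all assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of entries copied from the HijackThis
# section of the log above (not the whole log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: SP Software Installer - Unknown owner - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
"""

# Every HijackThis item starts with its section tag, e.g. "O23 - ".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 items look like "HKLM\..\Run: [name] command"; capture the command.
RUN_CMD_RE = re.compile(r".*?: \[[^\]]*\] (.*)$")


@dataclass
class Entry:
    section: str                 # "O4", "O23", ...
    text: str                    # everything after "Oxx - "
    flags: list[str] = field(default_factory=list)


def parse(log: str) -> list[Entry]:
    """Return one Entry per O-line; non-matching lines are ignored."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry: Entry) -> list[str]:
    """Heuristic review flags for a single entry (assumption: my rules)."""
    flags = []
    t = entry.text
    if "(file missing)" in t:
        flags.append("orphaned reference: target file no longer exists")
    if "Unknown owner" in t:
        flags.append("service with no vendor string: identify the binary")
    if entry.section == "O20":
        flags.append("Winlogon Notify DLL: loaded by winlogon at logon, verify it")
    if entry.section == "O16":
        flags.append("ActiveX download (DPF): remote code source, verify the URL")
    if entry.section == "O4":
        m = RUN_CMD_RE.match(t)
        if m:
            cmd = m.group(1).strip()
            # Quoted commands carry the path inside the quotes; otherwise the
            # first whitespace-separated token is the executable.
            exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]
            if ":" not in exe and not exe.startswith("%"):
                flags.append(f"unqualified path '{exe}': resolved via the search path")
    return flags


def triage_log(log: str) -> list[Entry]:
    """Parse a log and attach flags to each entry; returns all entries."""
    entries = parse(log)
    for e in entries:
        e.flags = triage(e)
    return entries


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        if e.flags:
            print(f"{e.section}: {e.text}")
            for f in e.flags:
                print(f"    - {f}")
```

Run it against a saved log by reading the file into triage_log; only the entries that collect at least one flag are printed, which for the sample above is the bare-filename Run entry, the two "(file missing)" items, the DPF control and the Winlogon Notify DLL, while the fully-pathed McAfee entries pass silently.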