Resolved HJT Threads Resolved spyware and popup issues.
Old 05-05-2007, 04:32 PM   #1 (permalink)
Registered User
 
Join Date: May 2007
Posts: 13
OS: XP


Weird secretive viruses and spyware

Before I start, I would like to express my appreciation for anyone who helps me with this issue; I greatly appreciate your help.

I have used this site before for my problems and it has greatly helped me.

My problem is that recently, weird things have been downloaded onto my desktop without my consent or anyone who uses this computer's consent.

Also, in the history of Mozilla Firefox, the browser I usually use, bad websites have been displayed, but I never visited any of them.

This has been slowly getting worse. I don't know what I did wrong and I really need help. I think it is a hard-to-find spyware or virus, but I'm not sure.
PLEASE HELP
silversquire848 is offline  
Old 05-07-2007, 03:27 PM   #2 (permalink)
Registered User
 
Join Date: May 2007
Posts: 13
OS: XP


Re: Weird secretive viruses and spyware

First of all, weird things keep happening to my desktop. For instance, in my icon tray in the lower right-hand corner a blank bubble appears and refuses to go away unless I click on it. Also, movie clips that I didn't download keep appearing on my desktop. Someone please help.


bump.
silversquire848 is offline  
Old 05-07-2007, 07:51 PM   #3 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Weird secretive viruses and spyware

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

Please be patient with me during this time.

---------------------------------------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 05-09-2007, 09:00 PM   #4 (permalink)
Registered User
 
Join Date: May 2007
Posts: 13
OS: XP


Re: Weird secretive viruses and spyware

Thank you for helping me; I really appreciate it.

Here is main.txt, copied word for word:

---------------------------------------------------------------
Deckard's System Scanner v20070426.43
Run by smith on 2007-05-09 at 22:52:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
59: 2007-05-10 02:52:21 UTC - RP127 - Deckard's System Scanner Restore Point
58: 2007-05-08 22:38:28 UTC - RP126 - System Checkpoint
57: 2007-05-06 00:23:53 UTC - RP125 - System Checkpoint
56: 2007-05-03 20:04:18 UTC - RP124 - System Checkpoint
55: 2007-05-01 02:08:32 UTC - RP123 - System Checkpoint


-- First Restore Point --
1: 2007-02-08 19:19:23 UTC - RP69 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as smith.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:52:34 PM, on 5/9/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\smith\My Documents\dss.exe
C:\HJT\HIJACK~1\smith.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/060...ie06071909.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...76/mcfscan.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neut...cab?10,0,910,0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (VPINSTANCE) (MSSQL$VPINSTANCE) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVPINSTANCE (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- HijackThis Fixed Entries (C:\HJT\HIJACK~1\backups\) -------------------------

backup-20061024-213528-637 O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
backup-20061024-213528-857 O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
backup-20061024-213528-940 O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - (no file)
backup-20061025-204909-180 O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - (no file)
backup-20061025-204909-794 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20061025-204909-959 O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>


-- Scheduled Tasks -------------------------------------------------------------

2007-03-09 19:30:00 354 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DELL3100-Rashmin).job


-- Files created between 2007-04-09 and 2007-05-09 -----------------------------

2007-04-09 17:00:27 0 d-------- C:\Program Files\DellSupport


-- Find3M Report ---------------------------------------------------------------

2007-05-05 18:27:39 0 d-------- C:\Documents and Settings\smith\Application Data\AVG7
2007-04-28 15:51:59 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-28 15:51:57 88 -r-hs---- C:\WINDOWS\system32\72F6291B7C.sys
2007-04-13 03:08:39 10752 --a------ C:\Documents and Settings\smith\Application Data\dvd.bmk
2007-04-09 17:08:28 0 d--h----- C:\Documents and Settings\smith\Application Data\Gtek


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} C:\Program Files\BAE\BAE.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mm_tray.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VPROEVENTMONITOR


-- End of Deckard's System Scanner: finished at 2007-05-09 at 22:53:02 ---------
Attached Files
File Type: txt extra.txt (11.9 KB, 3 views)
silversquire848 is offline  
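A small triage pass over HijackThis entries like those in the log above, as an added example that is not part of this thread or of HijackThis itself: it parses the `Oxx - ...` lines, pulls out the CLSID and file path, and flags orphaned "(file missing)" references, Winlogon Notify DLLs, and autostarts that load from user-profile or temp folders. The sample lines are copied from the log above except for one O4 line marked ConstructedExample; the list of user-writable prefixes is the example's own assumption.

```python
"""Triage helper for HijackThis 1.99.x log entries (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one O4 line (marked ConstructedExample) that runs from a user profile folder
# so the "user-writable location" heuristic below has something to hit.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ConstructedExample] "C:\Documents and Settings\smith\Application Data\constructed.exe" /autostart
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

# "O2 - ..." / "R1 - ..." entry lines; process lists and section headers do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter or %ENVVAR%-rooted path up to a known loadable extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%[A-Za-z]+%)\\[^"]*?\.(?:exe|dll|sys|lnk)\b', re.IGNORECASE)

@dataclass
class Entry:
    code: str             # HijackThis section, e.g. "O2", "O4", "O23"
    raw: str              # the original log line
    clsid: Optional[str]  # CLSID when the line carries one (O2/O3/O9/O16)
    path: Optional[str]   # file the entry points at, if any
    file_missing: bool    # HijackThis marked the target "(file missing)" or "(no file)"
    flags: List[str] = field(default_factory=list)

def parse_hjt(text: str) -> List[Entry]:
    """Return one Entry per 'Rn/On - ...' line in a HijackThis log."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            raw=line.strip(),
            clsid=clsid.group(0) if clsid else None,
            path=path.group(0) if path else None,
            file_missing="(file missing)" in body or "(no file)" in body,
        ))
    return entries

# Assumption for this demo: autostarts loading from a user profile or temp folder
# deserve a closer look, since vendors install under Program Files or Windows.
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\", "c:\\windows\\temp\\")
AUTOSTART_CODES = {"O4", "O20", "O21", "O22", "O23"}

def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags to each entry and return only the flagged ones."""
    flagged: List[Entry] = []
    for e in entries:
        if e.file_missing:
            e.flags.append("orphaned: target file is gone, the registry reference can be removed")
        if e.code in AUTOSTART_CODES and (e.path or "").lower().startswith(USER_WRITABLE_PREFIXES):
            e.flags.append("autostart from a user-writable folder: identify the file before trusting it")
        if e.code == "O20":
            e.flags.append("Winlogon Notify DLL loads into winlogon.exe: verify the publisher")
        if e.flags:
            flagged.append(e)
    return flagged

def counts_by_section(entries: List[Entry]) -> Dict[str, int]:
    """How many entries each HijackThis section contributed."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts

if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print("entries per section:", counts_by_section(found))
    for e in triage(found):
        print(f"{e.code}  {e.path or e.raw}")
        for f in e.flags:
            print("    -", f)
```

On the sample, the flagged entries are the two "(file missing)" lines (BAE.dll and bdoscandel.exe), the constructed user-profile autostart, and the WgaLogon Winlogon Notify DLL; the legitimate Program Files and System32 entries pass untouched.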
Old 05-10-2007, 07:40 PM   #5 (permalink)
Registered User
 
Join Date: May 2007
Posts: 13
OS: XP


Re: Weird secretive viruses and spyware

Another weird thing that I would like to mention is that a weird window keeps popping up.
It's titled: Sonic Update Manager.
It says: the feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the 'Sonic Update Manager' disk and click OK.


When I click Cancel, another message box pops up saying:
An installation package for the product Sonic Update Manager cannot be found. Try the installation again using a valid copy of the installation package 'UM.MSI'.

When I click OK again, it says: please wait while Windows configures Sonic update manager.

. . . and then it goes back to the first message box, and it's a continuous loop.
The only way I can stop it is by using Task Manager to end the task.
I hope that the virus or whatever it is hasn't deleted my installation files for the Sonic program. Also, in my icon tray there appears to be a gap where there is no icon displayed. This keeps getting weirder and weirder every day.
Please help before something irreparable happens.
silversquire848 is offline  
Old 05-10-2007, 07:42 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Weird secretive viruses and spyware

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and pressing "Enter", and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do not run option #2 unless instructed to!!

---------------------------------------------------------------------------------------------

Update AVG Anti-Spyware

I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), select the "Settings" tab.
  • Once in the Settings screen, click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: On some systems this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete, do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (Make sure to remember where you saved that file; this is important.)

---------------------------------------------------------------------------------------------

Restart your computer in Normal Mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Please include the following in your next reply:

SmitfraudFix Results
AVG Anti-Spyware log
Panda Results
forhockey is offline  
Old 05-10-2007, 09:52 PM   #7 (permalink)
Analyst, Security Team
 
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Weird secretive viruses and spyware

Hi silversquire848,

In addition to my previous instructions, please locate and post this log. It may help us with your Sonic issue.

C:\Deckard\System Scanner\moved.txt
forhockey is offline  
Old 05-12-2007, 07:15 PM   #8 (permalink)
Registered User
 
Join Date: May 2007
Posts: 13
OS: XP


Re: Weird secretive viruses and spyware

Before I post the logs in my next post, I would just like to tell you some other things and clarify some issues.

First of all, the SONIC issue has now started happening with my COREL PHOTOALBUM, and the same message pops up. I think I should revert to one of my System Restore points, or sooner or later this will happen to all my programs. Should I do this, and why is this happening?

Second, in the Panda scan (included in my next post), the first item is the smitfraud; however, the second item's location was: C:\sUBs\TSF\nircmd.exe
Why is TSF in the name?

Third, when I ran the Panda scan the first time, there was a virus that was detected and disinfected; however, the computer was accidentally shut down, so the report was never produced. The second time I ran the Panda scan I was able to complete it thoroughly, so even though the virus won't appear in the log, it was there and it was disinfected.

Fourth, the gap in my icon tray is still there and won't go away. Sometimes a bubble appears over the tray with nothing in it.

I hope I clarified some issues. As for my questions, I would appreciate it if you could answer them in your next post. Thanks.
silversquire848 is offline  
Old 05-12-2007, 07:22 PM   #9 (permalink)
Registered User
 
Join Date: May 2007
Posts: 13
OS: XP


Re: Weird secretive viruses and spyware

Hi, here are all the logs.

--------------------------------------------------------------------------
Here are the SmitfraudFix results:

SmitFraudFix v2.181

Scan done at 17:09:13.42, Fri 05/11/07
Run from C:\Documents and Settings\smith\My Documents\Virus logs\May 2007\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\smith


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\smith\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\smith\FAVORI~1

C:\DOCUME~1\smith\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{94CF50FD-37A8-4DF2-AB18-5CB620390F87}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{94CF50FD-37A8-4DF2-AB18-5CB620390F87}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{94CF50FD-37A8-4DF2-AB18-5CB620390F87}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




--------------------------------------------------------------------------
here is AVG anti-spyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:12:15 PM 5/11/07

+ Scan result:



:mozilla.13:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.18:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.17:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.12:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.6:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.7:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.8:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.9:C:\Documents and Settings\smith\Application Data\Mozilla\Firefox\Profiles\3l32d6kc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.


::Report end



--------------------------------------------------------------------------
here are the pandascan results:


Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\smith\My Documents\Virus logs\May 2007\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\sUBs\TSF\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe




Again, thanks for your help.
silversquire848 is offline  
Old 05-12-2007, 07:24 PM   #10 (permalink)
Registered User
 
Join Date: May 2007
Posts: 13
OS: XP


Re: Weird secretive viruses and spyware

I'm sorry I forgot to post the last one you mentioned. Here it is:



Directories/Files moved to C:\Deckard\System Scanner\backup

2007-05-04 16:10:14 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\2nm44.tmp
2007-04-05 00:12:41 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\2qi164.tmp
2007-05-03 17:19:52 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\3xy4E.tmp
2007-04-05 00:08:56 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\60f13D.tmp
2007-05-04 15:42:32 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\6hk1F.tmp
2007-05-04 16:26:32 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\74649.tmp
2007-04-15 2222 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\7naDE.tmp
2007-05-03 17:04:23 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\9kr4B.tmp
2007-05-03 00:39:26 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\Adobe
2007-04-30 21:08:18 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\aolbartcache
2007-05-09 22:22:29 270 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\AUInst.log
2007-04-30 14:40:26 49238 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\b245_appcompat.txt
2007-05-03 17:05:54 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\cl84C.tmp
2007-05-04 04:31:16 12936 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\control.xml
2007-04-29 22:36:26 419 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\DelUS.bat
2007-04-25 17:55:48 43912 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\dxdiag.txt
2007-05-03 16:58:51 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\e6q49.tmp
2007-04-15 21:52:54 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\efdD5.tmp
2007-05-02 19:10:43 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\fla1E.tmp
2007-05-02 19:12:57 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\fla20.tmp
2007-05-04 16:28:44 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\gor4A.tmp
2007-04-09 17:00:18 159 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\GTDown.log
2007-05-03 16:43:05 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\gx246.tmp
2007-04-15 22:04:02 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\h6hDC.tmp
2007-04-28 15:19:58 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\hsperfdata_smith
2007-04-16 09:13:55 1994 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\IMT24.xml
2007-04-16 09:13:56 426 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\IMT25.xml
2007-04-16 09:13:56 707340 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\IMT26.xml
2007-04-09 16:59:51 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\InCD.tmp
2007-04-09 17:00:33 270 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\InstallChannel.log
2007-04-09 16:59:58 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\is17.tmp
2007-04-05 00:20:13 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\ius18C.tmp
2007-05-05 21:49:29 4190 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\java_install_reg.log
2007-04-15 21:52:47 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\jr7D1.tmp
2007-05-09 22:27:10 28400 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\jusched.log
2007-05-04 15:34:50 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\k3019.tmp
2007-04-15 21:55:57 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\lbcD6.tmp
2007-04-19 01:24:06 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\msohtml
2007-05-03 02:37:00 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\msohtml1
2007-04-20 21:17:46 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\owq60.tmp
2007-04-10 09:33:45 16384 --a-----t C:\DOCUME~1\smith\LOCALS~1\Temp\Perflib_Perfdata_270.dat
2007-04-11 09:52:15 16384 --a-----t C:\DOCUME~1\smith\LOCALS~1\Temp\Perflib_Perfdata_5a8.dat
2007-04-16 15:18:55 16384 --a-----t C:\DOCUME~1\smith\LOCALS~1\Temp\Perflib_Perfdata_9b0.dat
2007-04-30 20:51:46 16384 --a-----t C:\DOCUME~1\smith\LOCALS~1\Temp\Perflib_Perfdata_bf8.dat
2007-04-15 19:54:24 16384 --a-----t C:\DOCUME~1\smith\LOCALS~1\Temp\Perflib_Perfdata_ca4.dat
2007-05-07 17:24:26 16384 --a-----t C:\DOCUME~1\smith\LOCALS~1\Temp\Perflib_Perfdata_cac.dat
2007-05-08 17:18:53 16384 --a-----t C:\DOCUME~1\smith\LOCALS~1\Temp\Perflib_Perfdata_f4.dat
2007-04-09 16:59:55 159 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\qdiagd.log
2007-04-09 16:59:10 229 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\qdiagd_2.log
2007-04-15 22:01:24 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\r37D7.tmp
2007-04-15 22:07:55 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\s1tE0.tmp
2007-05-03 17:17:33 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\s764D.tmp
2007-05-04 16:24:50 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\sze48.tmp
2007-04-15 21:50:14 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\tk1CD.tmp
2007-04-30 21:18:26 178 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\toasterWrite1.html
2007-04-05 00:17:13 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\u0w17D.tmp
2007-05-03 17:03:04 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\u2m4A.tmp
2007-04-15 2248 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\u8zDF.tmp
2007-04-06 20:33:43 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\VBE
2007-04-06 20:33:43 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\Word8.0
2007-05-04 15:45:21 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\ym420.tmp
2007-05-03 16:48:52 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\yni48.tmp
2007-04-20 21:24:55 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\z6d67.tmp
2007-05-03 16:46:58 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\z8e47.tmp
2007-04-04 23:53:50 0 --a------ C:\DOCUME~1\smith\LOCALS~1\Temp\zouD0.tmp
2007-04-22 00:30:24 0 d-------- C:\DOCUME~1\smith\LOCALS~1\Temp\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}_445
2007-04-10 09:33:47 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_690.dat
2007-05-07 17:22:42 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_7d0.dat
2007-04-11 09:51:45 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_7e8.dat
2007-05-08 17:19:03 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_8b4.dat
2007-04-28 12:03:34 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_8b8.dat
2007-05-09 22:22:24 26112 --a------ C:\WINDOWS\temp\symlcsv1.exe <Not Verified; Symantec Corporation; Symantec Core Component>
2007-04-05 04:21:03 0 --a------ C:\WINDOWS\temp\T30DebugLogFile.txt
2007-05-09 22:22:15 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2007-05-09 22:22:37 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2002-07-25 18:13:12 196608 --a------ C:\WINDOWS\Downloaded Program Files\dwusplay.exe <Not Verified; InstallShield Software Corporation; InstallShield Update Service>
2006-08-24 08:28:54 141424 --a------ C:\WINDOWS\Downloaded Program Files\asinst.dll <Verified; Panda Software; ActiveScan>
2004-12-07 16:07:08 32 --a------ C:\WINDOWS\Downloaded Program Files\bdcore.dll
2005-03-01 14:08:48 118784 --a------ C:\WINDOWS\Downloaded Program Files\bdupd.dll
2005-09-08 19:20:54 778240 --a------ C:\WINDOWS\Downloaded Program Files\DiagCollectionControl.dll <Not Verified; Musicmatch, Inc.; Diagnostic Collection ActiveX control>
2004-10-26 16:23:18 191488 --a------ C:\WINDOWS\Downloaded Program Files\DigWebX2.dll <Not Verified; Microsoft Corporation; MSN Photos BatchEd Module>
2002-07-25 18:13:18 24576 --a------ C:\WINDOWS\Downloaded Program Files\dwusplay.dll <Not Verified; InstallShield Software Corporation; InstallShield Update Service>
2005-03-01 14:08:52 53248 --a------ C:\WINDOWS\Downloaded Program Files\ipsupd.dll
2005-06-10 10:44:02 417792 --a------ C:\WINDOWS\Downloaded Program Files\isusweb.dll <Not Verified; InstallShield Software Corporation; InstallShield Update Service>
2004-12-07 16:07:08 32 --a------ C:\WINDOWS\Downloaded Program Files\libfn.dll
2006-06-01 02:54:16 471040 --a------ C:\WINDOWS\Downloaded Program Files\oscan8.ocx <Not Verified; SOFTWIN; bdscanonline>
2006-05-31 04:15:16 10 --a------ C:\WINDOWS\Downloaded Program Files\oscan81.ocx_x

-*- End of Logfile -*-
silversquire848 is offline  
Old 05-13-2007, 09:08 AM   #11 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: Weird secretive viruses and spyware

Quote:
First of all, the SONIC issue now started happening with my COREL PHOTOALBUM and the same message pops up. I think I should revert back to one of my System Restore points or sooner or later this will happen to all my programs. Should I do this and why is this happening?
Please do not revert back to an old system restore point, as all the work we've done will be wasted. I've got a few options I want to try out, and see if it will resolve your SONIC issue. There could be many possibilities behind the reason for your problems with Sonic... One may be that some essential files got moved or deleted. Also, a part of the program may have become corrupt.

Quote:
Second, in the Panda scan (included in the next post), the first item is the smitfraud, however the second item's location was: C:\sUBs\TSF\nircmd.exe
Why is TSF in the name?
The ComboFix program created the folder TSF when it was run. It's a false positive by Panda, and there is nothing to worry about :)

Quote:
Third, when I ran pandascan the first time, there was a virus that was detected and disinfected; however, the computer was accidentally shut down so the report was never produced. The second time I ran pandascan I was able to complete it thoroughly, so even though the virus won't appear in the log, it was there and it was disinfected.
Panda provides a free online scan to the users. There are some things the scan will remove, and most of the time it will leave behind the infected files because they want you to purchase their product ;) In your case the file was disinfected from your system, and the Panda log you provided appears to be listing false positives.

Quote:
Fourth, the gap in my icon tray is still there and won't go away. Sometimes a bubble appears over the tray with nothing in it.
I'm going to ask for a screenshot, so that I can see exactly what is going wrong. I'll provide instructions later on in my post on how to do this.

Let's get started!!!




Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

Please capture a screenshot and attach it in your next reply.

In Windows a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print Screen key (normally located in the top row on the right-hand side of the keyboard).

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

1. Press the Prin