IEXPLORE issues + plus popups + unknown .exe

[LeoNe]

Hi ,
i would be very thankful if u could help me with some issues that mess up my nirvana ....

There seem to be 2 IEXPLORE .exe in my Task Manager processes and i know i have been infected by an adware ( probably adclicker) because various pop ups appear . I have tried everything , from Spyware, Adaaware to Mr.Web , Spybot and Spyblaster, among other programmes . I use Mozilla 1.5 , Kaspersky and Sygate Firewall .
I have restrained access of Explorer to the net but other than that no progress.

Nothing seems to work .

I also have an unknown .exe file that appears in my taskbar when i work on another application ( for instance online games ) , then quickly disappears but damage is done , i crash back to desktop and have to click again the application on the taskbar to go back in, thus losing precious time in online gaming .

Please help me

here is my Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 5:42:55 μμ, on 21/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [Memo Load For Mode] C:\Documents and Settings\All Users\Application Data\bike balm memo load\deadscr.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Atom Vga] C:\DOCUME~1\LeoNiDaS\APPLIC~1\HTMMES~1\open proxy.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Γρήγορη εκκίνηση HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{48549EB7-2352-4F77-B009-E396D7883D12}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thnx in advance and for your time ,
Leon

[LeoNe]

Also it seems that explorer wants to contact ayb.dns-look-up.com (info from Sygate Firewall ) ,sometimes its netsearch.com , i think they are related.

I know its something very difficult to remove , because after downloading 8-9 spywarekillers its still there !

[LeoNe]

After several reading and trying it seems that i got rid of IEXPLORE and things seem better .

But now i have another problem, it seems that i accidentally deleted dslagent.exe and internet seems kinda slower and unstable.

I reinstalled the modem/router drivers but that didnt help .


Any clues how to re install dslagent.exe to run properly?

[LeoNe]

Any help at all guys?

How to reinstall dslagent and what is that missing .exe that reappears on my taskbar ???

Somebody?

[Ried]

Hello LeoNe,

Quote:

After several reading and trying it seems that i got rid of IEXPLORE and things seem better

Please tell me how you did that.

Quote:

is that missing .exe that reappears on my taskbar

Is there a filename to go along with that .exe...?

Quote:

i accidentally deleted dslagent.exe

Do you have that file on your system after reinstalling your modem?


We need new scans since you've made changes to your system:

1. Download ComboScan to your Desktop.
2. Close all applications and windows.
3. Double-click on comboscan.exe to run it, and follow the prompts.
4. When the scan is complete, a text file will open - ComboScan.txt
5. Copy and paste the contents of ComboScan.txt in your next reply.
6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
7. Please Attach the Supplementary.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:ComboScanSupplementary.txt

3. Click Upload.

[LeoNe]

Hi again,

I went to safe mode after disabling system restore , and did a NoloP run , ATF cleaner , CureIt and a Spybot 1.4 run .

Before that I had searched through my Hijack log and found :

O4 - HKLM\..\Run: [Memo Load For Mode] C:\Documents and Settings\All Users\Application Data\bike balm memo load\deadscr.exe

I went to Apllicaton Data folder and deleted that folder ( when i turned off computer it used to say sometimes "deadscr.exe apllication data execution failed" )

The misiing .exe did not have a name but after trying removing several processes from the TasK Manager , i found out that it had to do with the printer. I later found out that it was double-installed and it had to do with software update of 2 different driver versions. I uninstalled drivers and all seem ok now.

I still dont have dslagent.exe , even after reinstalling modem/router drivers .
Internet though seems stabilized and running smoothly except sometimes it fails to load first default page and i have to refresh .

This is latest Hijack , as you can see its much cleaner than first one . I still havent reinstalled printer though .

Logfile of HijackThis v1.99.1
Scan saved at 10:18:04 πμ, on 26/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C1BBDE-A254-442D-9453-5662EEE59302}: NameServer = 195.170.0.1,195.170.2.2
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

[LeoNe]

Also something else .

"Search" mode in Explorer didint work before. Now it works . I dont know if it had to do with IEXPLORE virus .

I will do a Comboscan if its still needed later because i have to go to work now .
Tell me if its still needed to do so .

I dont know if dslagent.exe is necessary to have since i got Internet up again . If there is a simple way to have it running again , that would be a good thing , not?

Again thanx for replying and for your time .

[Ried]

Hi,

By any chance did you save the DrWebCureit report? DrWeb is an extremely aggressive tool and tends to take out 'legit' files. Did you set it to Quarantine or Remove?

Yes, I need the ComboScan done. It will automatically run HijackThis along with scanning other areas of your system to provide me with more information.

The infection you had/may still have, is LOP. It often has hidden tasks and folders that will eventually bring the infection back to the forefront. Please run this tool as well:

Download fl.zip

• Extract the contents of the fl.zip to a new folder on Desktop.
• Within the folder, locate & double-click fl.bat.
• It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply along with ComboScan.txt and the Supplementary.txt

[LeoNe]

Ok , here is Comboscan and supplementary

ComboScan v20070221.16 run by LeoNiDaS on 2007-02-28 at 12:17:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as LeoNiDaS.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:17:25 μμ, on 28/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\LeoNiDaS\Desktop\comboscan.exe
H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\LeoNiDaS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9C1BBDE-A254-442D-9453-5662EEE59302}: NameServer = 195.170.0.1,195.170.2.2
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


-- Files created between 2007-01-28 and 2007-02-28 ------------------------------

2007-02-25 21:59:16 0 d-------- C:\Program Files\Ace Utilities<ACEUTI~1>
2007-02-21 23:58:06 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\TuneUp Software<TUNEUP~1>
2007-02-21 23:57:51 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software<TUNEUP~1>
2007-02-21 23:04:04 29603 --a------ C:\WINDOWS\system32\drivers\glauiad.sys
2007-02-21 23:04:04 24576 --a------ C:\WINDOWS\system32\CoInst.dll
2007-02-21 23:04:00 0 d-------- C:\Program Files\jetSpeed520<JETSPE~1>
2007-02-21 17:32:16 318 --a------ C:\delete.bat
2007-02-21 17:29:30 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-02-21 17:25:17 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-21 16:10:03 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb<DOCTOR~1>
2007-02-21 15:10:26 0 d-------- C:\Documents and Settings\LeoNiDaS\DoctorWeb<DOCTOR~1>
2007-02-21 10:57:38 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\Media Player Classic<MEDIAP~1>
2007-02-21 10:56:45 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-02-21 10:50:04 0 d-------- C:\Program Files\QuickTime Alternative<QUICKT~2>
2007-02-21 10:07:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-12 21:20:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-12 20:58:28 0 d-------- C:\Program Files\Yahoo!
2007-02-12 13:03:03 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-02-12 13:03:03 14568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-02-12 13:03:03 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-02-12 13:03:02 83096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-02-12 13:03:01 0 d-------- C:\Program Files\Sygate


-- Find3M Report ----------------------------------------------------------------

2007-02-28 12:09:52 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-28 12:08:19 0 d-------- C:\Program Files\DC++<DC__~1>
2007-02-28 11:43:28 0 d-------- C:\Program Files\DVD Region+CSS Free<DVDREG~1>
2007-02-24 19:59:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-24 19:47:57 0 d-------- C:\Program Files\WinAVI VideoConverter<WINAVI~1>
2007-02-24 19:47:38 0 d-------- C:\Program Files\Java
2007-02-22 12:59:37 0 d-------- C:\Program Files\DVDFab Decrypter 3<DVDFAB~2>
2007-02-21 10:36:39 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-21 00:37:30 0 --a------ C:\Documents and Settings\LeoNiDaS\Application Data\AVSDVDPlayer.m3u<AVSDVD~1.M3U>
2007-02-06 22:18:01 0 d-------- C:\Program Files\audiograbber<AUDIOG~1>
2007-02-02 13:23:39 0 d---s---- C:\Documents and Settings\LeoNiDaS\Application Data\Microsoft<MICROS~1>
2007-01-25 12:48:48 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-21 13:49:17 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\Leadertech<LEADER~1>
2007-01-21 00:40:07 0 dr-h----- C:\Documents and Settings\LeoNiDaS\Application Data\SecuROM
2007-01-21 00:40:06 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-01-20 22:43:19 0 d-------- C:\Program Files\Atari
2007-01-20 17:40:38 0 d-------- C:\Documents and Settings\LeoNiDaS\Application Data\AdobeUM
2007-01-16 1923 0 d-------- C:\Program Files\Recover My Files<RECOVE~1>
2007-01-13 09:47:57 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-01-04 16:45:49 202240 --a------ C:\WINDOWS\system32\300_saver_02.scr<300_SA~1.SCR>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"AVPCC"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal Pro\\avpcc.exe\" /wait"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiSmart"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"SoundMan"="SOUNDMAN.EXE"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-02-28 at 12:17:41 -------------------------

ComboScan v20070221.16 run by LeoNiDaS on 2007-02-26 at 11:43:34
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.48 MiB / 663.72 MiB
Pagefile Memory (total/avail): 2460.36 MiB / 2232.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69.23 GiB total, 5.87 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 135.22 GiB total, 2.27 GiB free.
G: is Fixed (NTFS) - 97.65 GiB total, 0.47 GiB free.
H: is Fixed (NTFS) - 186.31 GiB total, 0.19 GiB free.
I: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\LeoNiDaS\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=REBORN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\LeoNiDaS
LOGONSERVER=\\REBORN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LeoNiDaS\LOCALS~1\Temp
TMP=C:\DOCUME~1\LeoNiDaS\LOCALS~1\Temp
USERDOMAIN=REBORN
USERNAME=LeoNiDaS
USERPROFILE=C:\Documents and Settings\LeoNiDaS
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ----------------------------------------------------------------

LeoNiDaS (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
300_saver_02 --> C:\WINDOWS\system32\300_saver_02.scr /u
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ace Utilities --> "C:\Program Files\Ace Utilities\uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alcohol 120% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Anti-Leech Plugin for Mozilla, Opera, Netscape --> C:\Program Files\Anti-Leech\ALNN\setup2.exe -u
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x8
AVS DVD Player version 2.2 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative PC-CAM Center Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 /remove
Creative WebCam Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 /remove
Creative WebCam NX Driver (1.02.01.0827) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script P1110.uns -unsext NT -plugin p1110pin.dll -pluginres p1110pin.crl
Creative WebCam NX User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam NX\Creative WebCam NX User's Guide\English\CTManual.isu"
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Region+CSS Free 5.50 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.8.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Fraps --> "C:\Program Files\Fraps\uninstall.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HijackThis 1.99.1 --> H:\HFAISTOS\UTILITIES\GUDilitieS\Antivirus\hijackthis\HijackThis.exe /uninstall
HSP LGSO 1.0 --> "C:\Program Files\Microsoft Games\Flight Simulator 9\Scenery\HSP\unins000.exe"
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
JeppTerrain --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D28A0F2-349E-11D3-A90C-0090270E86DC}\setup.exe" -uninst
jetSpeed 520 ADSL Modem --> C:\Program Files\jetSpeed520\Adsl\uninstall.exe
Kaspersky(TM) Anti-Virus Personal Pro 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F5E2A5A-92C5-4DF1-808D-1688C50CBFEE}\Setup.exe" -l0x9
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (1.5.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.10 (el)"
MSN Messenger 7.5 --> MsiExec.exe /I{4043A416-03EC-11DA-BFBD-00065BBDC0B5}
Nero 6 --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe"
QuickTime Alternative 1.77 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recover My Files --> "C:\Program Files\Recover My Files\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
TEAC USB 3D AUDIO --> C:\WINDOWS\CmiUSB2Uninstall.exe C:\Program Files\TEAC USB 3D AUDIO#TEAC USB 3D AUDIO#TEAC USB 3D AUDIO#
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
Ventrilo --> C:\PROGRA~1\Ventrilo\UNWISE.EXE C:\PROGRA~1\Ventrilo\INSTALL.LOG
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR 3.3 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"


-- End of ComboScan: finished at 2007-02-26 at 11:44:01 -------------------------

ANd here is FindLOP .txt

Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\Administrator\Application Data

08/07/2006 11:07 ££ <DIR> Lavasoft
0 File(s) 0 bytes
1 Dir(s) 12.273.197.056 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\All Users\Application Data

18/07/2006 03:17 ££ <DIR> Adobe
21/02/2007 10:50 §£ <DIR> Apple Computer
18/07/2006 03:38 ££ <DIR> CyberLink
27/02/2007 11:31 §£ <DIR> DVD Shrink
24/02/2007 07:43 ££ 12.844 hpzinstall.log
31/03/2006 07:11 ££ <DIR> nView_Profiles
25/10/2006 01:11 ££ <DIR> PC Suite
21/02/2007 11:07 ££ <DIR> Spybot - Search & Destroy
21/02/2007 11:57 ££ <DIR> TuneUp Software
1 File(s) 12.844 bytes
8 Dir(s) 12.273.192.960 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\LeoNiDaS\Application Data

18/07/2006 02:40 ££ <DIR> Adobe
20/01/2007 05:40 ££ <DIR> AdobeUM
06/04/2006 06:28 ££ <DIR> Ahead
21/02/2007 12:37 §£ 0 AVSDVDPlayer.m3u
13/07/2006 01:11 ££ <DIR> BSplayer
27/12/2006 07:43 ££ <DIR> Creative
18/07/2006 07:08 ££ <DIR> CyberLink
15/06/2006 10:36 §£ 5.932 GdiplusUpgrade_MSIApproach_Wrapper.log
16/06/2006 05:54 ££ <DIR> Google
31/03/2006 06:57 ££ <DIR> Identities
18/11/2006 04:58 ££ <DIR> InstallShield
11/04/2006 02:52 ££ <DIR> Lavasoft
21/01/2007 01:49 ££ <DIR> Leadertech
31/03/2006 10:19 ££ <DIR> Macromedia
21/02/2007 10:57 §£ <DIR> Media Player Classic
31/03/2006 05:39 ££ <DIR> Mozilla
01/09/2006 01:55 §£ <DIR> My Games
25/10/2006 01:11 ££ <DIR> PC Suite
01/07/2006 06:04 ££ <DIR> Sun
24/08/2006 05:59 ££ <DIR> teamspeak2
21/02/2007 11:58 ££ <DIR> TuneUp Software
25/06/2006 05:24 ££ <DIR> ubi.com
03/04/2006 12:23 ££ <DIR> Ventrilo
2 File(s) 5.932 bytes
21 Dir(s) 12.273.192.960 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\Default User\Application Data

31/03/2006 07:44 ££ <DIR> .
31/03/2006 07:44 ££ <DIR> ..
31/03/2006 07:44 ££ 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 12.273.192.960 bytes free
Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is SPaRTaN
Volume Serial Number is 24EE-1F89

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues


Unfortunately , I didnt save DrWebCureit report , I guess i have removed the viruses and not quarrantined them .

Standingby ,
Leon .

[Ried]

Just to double check, launch DrWeb and click on the folder icon in the top left. Are there any reports listed in there? If so, post them here.

Quote:

I still dont have dslagent.exe , even after reinstalling modem/router drivers .
Internet though seems stabilized and running smoothly except sometimes it fails to load first default page and i have to refresh .

dslagent.exe
Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection

Have you tried reinstalling the modem entirely--not just the drivers.

Have you tried using your program 'Recover My Files' to try to recover dslagent.exe?

[LeoNe]

I found an old log of DR WEB the same day i posted here the first time .
seems that it didnt find anything to cure though . As far as i remember only NoLOP found one job and deleted , the rest i did manually (deleting bike balm memo in Aplication data ) but here it is

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-02-21, 16:10:03 [REBORN][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crwtoday.cdb - 448 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43375.cdb - 1633 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43374.cdb - 2090 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43373.cdb - 1252 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43372.cdb - 1289 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43371.cdb - 2370 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43370.cdb - 2022 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43369.cdb - 687 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43368.cdb - 1099 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43367.cdb - 1834 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43366.cdb - 4015 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43365.cdb - 1342 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43364.cdb - 1335 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43363.cdb - 1152 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43362.cdb - 1006 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43361.cdb - 878 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43360.cdb - 988 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43359.cdb - 1205 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43358.cdb - 1139 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43357.cdb - 1302 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43356.cdb - 1332 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43355.cdb - 2456 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43354.cdb - 1283 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43353.cdb - 795 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43352.cdb - 2016 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43351.cdb - 941 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43350.cdb - 1020 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43349.cdb - 1008 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43348.cdb - 1096 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43347.cdb - 707 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43346.cdb - 1428 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43345.cdb - 1358 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43344.cdb - 694 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43343.cdb - 1186 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43342.cdb - 744 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43341.cdb - 841 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43340.cdb - 822 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43339.cdb - 1071 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43338.cdb - 989 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 421 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - 839 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43306.cdb - 781 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43305.cdb - 752 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43301.cdb - 772 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 177771
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx0\_start.exe
[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx0\cureit.exe
[Scan path] c:\documents and settings\administrator\start menu\programs\startup\desktop.ini
[Scan path] c:\documents and settings\all users\application data\bike balm memo load\deadscr.exe
[Scan path] c:\documents and settings\all users\start menu\programs\startup\desktop.ini
[Scan path] c:\program files\ace utilities\wipext.dll
[Scan path] c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
[Scan path] c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
[Scan path] c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
[Scan path] c:\program files\alcohol soft\alcohol 120\axshlex.dll
[Scan path] c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
[Scan path] c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
[Scan path] c:\program files\common files\microsoft shared\source engine\ose.exe
[Scan path] c:\program files\common files\microsoft shared\web components\10\owc10.dll
[Scan path] c:\program files\common files\microsoft shared\web components\11\owc11.dll
[Scan path] c:\program files\common files\microsoft shared\web folders\msonsext.dll
[Scan path] c:\program files\common files\pcsuite\services\servicelayer.exe
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
[Scan path] c:\program files\dvd region+css free\dvdregionfree.exe
[Scan path] c:\program files\dvd region+css free\dvdshell.dll
[Scan path] c:\program files\hp\digital imaging\bin\hpqthb08.exe
[Scan path] c:\program files\hp\digital imaging\bin\hpqtra08.exe
[Scan path] c:\program files\hp\hp software update\hpwuschd2.exe
[Scan path] c:\program files\hp\hpcoretech\comp\hpuiprot.dll
[Scan path] c:\program files\hp\hpcoretech\hpcmpmgr.exe
[Scan path] c:\program files\java\jre1.5.0_10\bin\jusched.exe
[Scan path] c:\program files\java\jre1.5.0_10\bin\ssv.dll
[Scan path] c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avpcc.exe
[Scan path] c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avpm.exe
[Scan path] c:\program files\microsoft office\office11\mlshext.dll
[Scan path] c:\program files\microsoft office\office11\msohev.dll
[Scan path] c:\program files\microsoft office\office11\olkfstub.dll
[Scan path] c:\program files\msn messenger\msgrapp.dll
[Scan path] c:\program files\nokia\nokia pc suite 6\launchapplication.exe
[Scan path] c:\program files\nokia\nokia pc suite 6\phonebrowser.dll
[Scan path] c:\program files\outlook express\setup50.exe
[Scan path] c:\program files\outlook express\wabfind.dll
[Scan path] c:\program files\saitek\software\profiler.exe
[Scan path] c:\program files\saitek\software\saimfd.exe
[Scan path] c:\program files\saitek\software\saismart.exe
[Scan path] c:\program files\spybot - search & destroy\sdhelper.dll
[Scan path] c:\program files\sygate\spf\smc.exe
[Scan path] c:\program files\winrar\rarext.dll
[Scan path] c:\program files\yahoo!\companion\installs\cpn\yt.dll
[Scan path] c:\windows\explorer.exe
[Scan path] c:\windows\gdrv.sys
[Scan path] c:\windows\inf\unregmp2.exe
[Scan path] c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
[Scan path] c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
[Scan path] c:\windows\msagent\agentpsh.dll
[Scan path] c:\windows\soundman.exe
[Scan path] c:\windows\system32\advapi32.dll
[Scan path] c:\windows\system32\advpack.dll
[Scan path] c:\windows\system32\alg.exe
[Scan path] c:\windows\system32\appwiz.cpl
[Scan path] c:\windows\system32\audiodev.dll
[Scan path] c:\windows\system32\autochk.exe
[Scan path] c:\windows\system32\browseui.dll
[Scan path] c:\windows\system32\cabview.dll
[Scan path] c:\windows\system32\cdfview.dll
[Scan path] c:\windows\system32\cisvc.exe
[Scan path] c:\windows\system32\clipsrv.exe
[Scan path] c:\windows\system32\cnbjmon.dll
[Scan path] c:\windows\system32\comdlg32.dll
[Scan path] c:\windows\system32\crypt32.dll
[Scan path] c:\windows\system32\cryptext.dll
[Scan path] c:\windows\system32\cryptnet.dll
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\ctfmon.exe
[Scan path] c:\windows\system32\deskadp.dll
[Scan path] c:\windows\system32\deskmon.dll
[Scan path] c:\windows\system32\deskperf.dll
[Scan path] c:\windows\system32\dfshim.dll
[Scan path] c:\windows\system32\dfsshlex.dll
[Scan path] c:\windows\system32\diskcopy.dll
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\alcxwdm.sys
[Scan path] c:\windows\system32\drivers\amdk8.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys
[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\ccdecode.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\cmudau.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\dvd43.sys
[Scan path] c:\windows\system32\drivers\fdc.sys
[Scan path] c:\windows\system32\drivers\flpydisk.sys
[Scan path] c:\windows\system32\drivers\fltmgr.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\glauiad.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\hpzid412.sys
[Scan path] c:\windows\system32\drivers\hpzipr12.sys
[Scan path] c:\windows\system32\drivers\hpzius12.sys
[Scan path] c:\windows\system32\drivers\http.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\ip6fw.sys
[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
[Scan path] c:\windows\system32\drivers\ipinip.sys
[Scan path] c:\windows\system32\drivers\ipnat.sys
[Scan path] c:\windows\system32\drivers\ipsec.sys
[Scan path] c:\windows\system32\drivers\irda.sys
[Scan path] c:\windows\system32\drivers\irenum.sys
[Scan path] c:\windows\system32\drivers\irsir.sys
[Scan path] c:\windows\system32\drivers\isapnp.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kbdhid.sys
[Scan path] c:\windows\system32\drivers\klif.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mssmbios.sys
[Scan path] c:\windows\system32\drivers\mstee.sys
[Scan path] c:\windows\system32\drivers\nabtsfec.sys
[Scan path] c:\windows\system32\drivers\ndisip.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\nv4_mini.sys
[Scan path] c:\windows\system32\drivers\nvatabus.sys
[Scan path] c:\windows\system32\drivers\nvenetfd.sys
[Scan path] c:\windows\system32\drivers\nvnetbus.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\oreans32.sys
[Scan path] c:\windows\system32\drivers\p1110vid.sys
[Scan path] c:\windows\system32\drivers\parport.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\processr.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasirda.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\rdpdr.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\saih0255.sys
[Scan path] c:\windows\system32\drivers\saimini.sys
[Scan path] c:\windows\system32\drivers\saintbus.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\serenum.sys
[Scan path] c:\windows\system32\drivers\serial.sys
[Scan path] c:\windows\system32\drivers\slip.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\streamip.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys
[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\teefer.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usbaudio.sys
[Scan path] c:\windows\system32\drivers\usbccgp.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbohci.sys
[Scan path] c:\windows\system32\drivers\usbprint.sys
[Scan path] c:\windows\system32\drivers\usbscan.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\drivers\wg3n.sys
[Scan path] c:\windows\system32\drivers\wg4n.sys
[Scan path] c:\windows\system32\drivers\wg5n.sys
[Scan path] c:\windows\system32\drivers\wg6n.sys
[Scan path] c:\windows\system32\drivers\wpsdrvnt.sys
[Scan path] c:\windows\system32\drivers\wstcodec.sys
[Scan path] c:\windows\system32\drivers\xmasbus.sys
[Scan path] c:\windows\system32\drivers\xmasscsi.sys
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\extmgr.dll
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\hpzipm12.exe
[Scan path] c:\windows\system32\hpzsnt10.dll
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\iedkcs32.dll
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logon.scr
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mdimon.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\mscoree.dll
[Scan path] c:\windows\system32\mscories.dll
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\nerocheck.exe
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\nvcpl.dll
[Scan path] c:\windows\system32\nvmctray.dll
[Scan path] c:\windows\system32\nvshell.dll
[Scan path] c:\windows\system32\nvsvc32.exe
[Scan path] c:\windows\system32\nwiz.exe
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\setupapi.dll
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\tlntsvr.exe
[Scan path] c:\windows\system32\twext.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wdfmgr.exe
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\zipfldr.dll
[Scan path] c:\windows\system\cmcnfgu.cpl
[Scan path] h:\hfaistos\utilities\gudilities\antivirus\cureit.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 328
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 10680 Kb/s
Scan time: 00:00:10
-----------------------------------------------------------------------------

[Scan path] C:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 6
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:36
-----------------------------------------------------------------------------

Scanning interrupted by user! - no viruses found
[Scan path] C:\
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\LeoNiDaS\Application Data\SecuROM\UserData\*.* - read error
C:\Documents and Settings\LeoNiDaS\Application Data\SecuROM\UserData\*.* - read error
C:\Documents and Settings\LeoNiDaS\Desktop\Updated Music\Car r tunes Compilation by Ace\silk\03 - R.E.M. - The Greatest \99*.* - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\DVD\AIRCRAFT\Ak*.* - read error
C:\DVD\HOckey Fights\Lulea*.* - read error
>C:\Program Files\WinRAR\Dos.SFXC:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 156024
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1202 Kb/s
Scan time: 00:34:10
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 156358
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1227 Kb/s
Scan time: 00:34:56
=============================================================================



I already tried recoover My Files but it didnt found anything , probably it was overwritten by other data.

I have totally unistalled modem and reinstall but still no dslagent.exe ... Internet seems fine though ( !)

I have searched threough internet but didnt find any downloadable dslagent.exe .

For the time being everything works fine , so lets leave it at that . Unless u think dslagent.exe is mandatory toi have.


Thanks again for your time and care , bro
Leon.

[Ried]

Hi Leon,

I haven't been able to find a downloadable dslagent.exe either. If you internet is working fine, then I wouldn't worry about it any longer.

Just out of curiosity, try this program Recuva and see if it can find your deleted dslagent.exe

Your logs are clean--nice job earlier.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

• Now navigate to C:\ie-spyad. Double click to open it.
• From within the folder, double-click install.bat
• Select Option #2 - Install the new IE-SPYAD list, by typing 2
• Then return to the main menu.
• Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

[LeoNe]

Thank you very much for all your time and effort, also for your very good and professional advice ,Ried :)

I appreciate your links to programs and will make good use of them :)

Good strength and Godspeed ,for your upcoming patients bro

I hope i wont have to post here again lol ,but if i have to ,I will know iam in good hands :)

Salute,
Leone.

[Ried]

Thank you...and you're welcome.