Redirected to websites & pop-ups

03-14-2008, 09:59 AM   #1
Guest
 
Join Date: Mar 2008
Posts: 10
OS:



Hi, I'm looking for help as this is driving me crazy.
I wanted to watch a video and it prompted me to download an ActiveX control. I stupidly did, and my computer started experiencing problems.

It was slow and I couldn't access Task Manager. I've solved this problem with the help of the forum.
However, I'm having bigger problems now. My computer seems generally slow at responding, and when I access the internet I get redirected by www.404sorry.com to different sites I don't want to go to.

Also, iexplorer seems to run in Task Manager in the background when I don't have an internet page open. Also, my explorer seems to disappear often (the bottom bar and background icons); I then have to stop the explorer task and run a new explorer task to get it back.

I need to do work on my computer but this isn't letting me do it properly. I've run AVG, Windows Defender, Spyware Doctor and AAware to try and solve this but I'm still experiencing these problems.

Any help would be very much appreciated.
sufcmad16 is offline  
03-14-2008, 01:12 PM   #2
Guest
 
Join Date: Mar 2008
Posts: 10
OS:



Hi, my problems started when I downloaded an ActiveX control to watch a video after it prompted me. My computer started acting slowly and I couldn't access the Task Manager; however, I have fixed this. The main problem is that iexplore is running in the background when I load my computer up, taking up a lot of memory. This is strange as I don't have an internet page open.

The internet seems slower; however, I'm getting redirected to websites and the toolbar sets itself to www404sorry.com and then directs me to other sites such as search sites and advertising sites. I'm not great on computers but I think it may be adware. Please can I get some help on this.

My Deckard's System Scanner log is shown below:
Deckard's System Scanner v20071014.68
Run by Josh on 2008-03-14 19:40:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-03-14 19:42:09 UTC - RP550 - Deckard's System Scanner Restore Point
10: 2008-03-14 12:36:14 UTC - RP549 - Windows Defender Checkpoint
9: 2008-03-14 11:52:57 UTC - RP548 - Software Distribution Service 3.0
8: 2008-03-14 11:47:19 UTC - RP547 - Installed Ad-Aware 2007
7: 2008-03-14 11:39:57 UTC - RP546 - Installed Windows Defender


-- First Restore Point --
1: 2008-03-10 10:42:46 UTC - RP540 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 0.92 GiB (less than 15%) free.


-- HijackThis (run as Josh.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:13, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\antiviirus.exe
C:\Program Files\tmp102390.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\tmp108250.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Josh\Desktop\KillBox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\JZ9BOAUD\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Josh\LOCALS~1\Temp\~DP11.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Josh\Desktop\WH GBP Casino.lnk (file missing)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\Josh\Desktop\WH GBP Casino.lnk (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - https://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O21 - SSODL: AvpCheck - {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll
O21 - SSODL: zip - {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15702 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 musbehco - c:\docume~1\josh\locals~1\temp\musbehco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 SentinelLM - "c:\program files\rainbow technologies\sentinellm 7.2.0.1 server\english\lservnt.exe" <Not Verified; Rainbow Technologies, Inc.; SentinelLM>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

S2 matlabserver (MATLAB Server) - c:\matlab6p5\webserver\bin\win32\matlabserver.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-14 18:38:03 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-08 12:35:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-04 15:00:52 434 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2007-09-01 23:02:16 298 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-14 19:47:01 0 d-------- C:\Program Files\Trend Micro
2008-03-14 19:23:30 0 d-------- C:\WINDOWS\LastGood
2008-03-14 18:35:24 16524 -r-hs---- C:\Program Files\tmp108250.exe
2008-03-14 18:35:18 16524 -r-hs---- C:\Program Files\tmp102390.exe
2008-03-14 17:51:32 16524 -r-hs---- C:\Program Files\tmp157968.exe
2008-03-14 17:51:25 16524 -r-hs---- C:\Program Files\tmp151390.exe
2008-03-14 17:18:22 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 14:21:47 16524 -r-hs---- C:\Program Files\tmp160953.exe
2008-03-14 14:21:41 16524 -r-hs---- C:\Program Files\tmp154890.exe
2008-03-14 12:12:04 0 d-------- C:\Program Files\Spyware Doctor
2008-03-14 11:48:16 0 d-------- C:\Program Files\Lavasoft
2008-03-14 11:47:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 11:42:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 11:40:06 0 d-------- C:\Program Files\Windows Defender
2008-03-14 11:29:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 11:27:29 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-03-14 10:36:48 0 d------c- C:\!KillBox
2008-03-14 09:56:28 16524 -r-hs---- C:\Program Files\tmp80796.exe
2008-03-14 09:56:22 16524 -r-hs---- C:\Program Files\tmp75437.exe
2008-03-14 09:50:59 16524 -r-hs---- C:\Program Files\tmp2687375.exe
2008-03-14 09:50:54 16524 -r-hs---- C:\Program Files\tmp2682375.exe
2008-03-14 09:50:54 21648 --a------ C:\Program Files\antiviirus.exe
2008-03-14 09:50:50 98304 --a------ C:\WINDOWS\fmsxwqs.exe
2008-03-14 09:50:50 221184 --a------ C:\WINDOWS\etlrlws.dll
2008-03-14 09:50:50 245760 --a------ C:\WINDOWS\drnpfdxrqv.dll
2008-03-14 09:50:50 270336 --a------ C:\WINDOWS\bokpkov.dll
2008-03-14 09:50:50 221184 --a------ C:\WINDOWS\altvxvm.dll
2008-03-07 20:36:39 0 d-------- C:\Program Files\William Hill Poker
2008-03-02 16:39:40 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-02-24 17:52:27 0 d-------- C:\Program Files\Channel4
2008-02-24 17:49:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-02-15 21:02:42 0 d-------- C:\Documents and Settings\Josh\Application Data\Winamp


-- Find3M Report ---------------------------------------------------------------

2008-03-14 19:40:02 0 d-------- C:\Program Files\Bonjour
2008-03-14 19:37:47 0 d-------- C:\Program Files\Apoint
2008-03-14 19:37:24 0 d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2008-03-14 19:37:23 0 d-------- C:\Program Files\PowerISO
2008-03-14 19:37:17 0 d-------- C:\Program Files\Kontiki
2008-03-14 19:36:58 0 d-------- C:\Program Files\iTunes
2008-03-14 19:36:46 0 d-------- C:\Program Files\DellSupport
2008-03-14 19:36:22 0 d-------- C:\Program Files\Messenger
2008-03-14 19:36:20 0 d-------- C:\Program Files\Digital Line Detect
2008-03-14 19:36:20 0 d-------- C:\Program Files\AOL 9.0
2008-03-14 19:35:58 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-14 19:35:14 0 d-------- C:\Program Files\Google
2008-03-14 19:35:05 0 d-------- C:\Documents and Settings\Josh\Application Data\uTorrent
2008-03-14 18:36:29 73 --a------ C:\WINDOWS\system32\nsprs.dll
2008-03-14 15:59:19 0 d-------- C:\Documents and Settings\Josh\Application Data\AVG7
2008-03-14 14:45:13 0 d-------- C:\Documents and Settings\Josh\Application Data\Adobe
2008-03-14 11:42:58 0 d-------- C:\Program Files\Common Files
2008-03-14 11:26:31 0 d-------- C:\Program Files\MSECache
2008-03-14 10:27:24 0 d-------- C:\Program Files\XoftSpy
2008-03-12 23:04:38 0 d-------- C:\Program Files\Zoom Player
2008-03-10 20:22:44 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-03-06 13:43:53 0 d-------- C:\Program Files\iPod
2008-03-06 13:36:43 0 d-------- C:\Program Files\QuickTime Alternative
2008-03-05 13:03:34 0 d-------- C:\Program Files\PeerGuardian2
2008-03-04 15:35:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-22 16:38:38 0 d-------- C:\Program Files\Microsoft Works
2008-02-15 21:05:27 0 d-------- C:\Program Files\Winamp
2008-02-09 13:11:19 47 --a----c- C:\tmp.bat
2008-02-08 03:26:13 0 d-------- C:\Program Files\DivoCodec
2008-02-05 20:54:52 0 d-------- C:\Documents and Settings\Josh\Application Data\vlc
2008-02-05 20:53:02 0 d-------- C:\Program Files\VideoLAN
2008-01-14 22:46:55 22051 --a----c- C:\logfile


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598F4775-6FB6-477B-9842-E0426824E077}]
C:\DOCUME~1\Josh\LOCALS~1\Temp\~DP11.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [13/09/2004 15:33]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [15/02/2005 14:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [15/02/2005 14:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 13:59]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/03/2005 10:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 15:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [27/01/2005 00:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 00:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [20/03/2006 17:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [20/03/2006 17:34]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 15:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 12:47]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [05/06/2006 14:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/07/2006 18:39]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 04:00 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 17:34]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [31/01/2008 23:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
"antiviirus"="C:\Program Files\antiviirus.exe" [14/03/2008 09:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [14/03/2008 11:31]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:00]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [20/07/2005 16:34:16]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [20/07/2005 16:30:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpCheck"= {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll [14/03/2008 09:50 18534]
"zip"= {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll [14/03/2008 09:50 23226]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Basic Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Basic Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Basic Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SYSMONLOG



-- End of Deckard's System Scanner: finished at 2008-03-14 19:51:59 ------------
sufcmad16 is offline  
Old 03-14-2008, 06:36 PM   #3
TSF Team, Emeritus
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro


Welcome to TSF.

Please do not create duplicate threads. Threads merged....

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
** You may change the above options back after your log is clean. If we ask you to fix something that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Kontiki

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Josh\LOCALS~1\Temp\~DP11.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O21 - SSODL: AvpCheck - {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll
O21 - SSODL: zip - {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\Kontiki\
C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\
C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\


Download KillBox at https://www.greyknight17.com/spy/KillBox.exe Run KillBox and check the box that says End Explorer Shell While Killing File. Next click on Delete on Reboot. Select the below lines. Right click on them once all are selected and choose Copy:

C:\Program Files\antiviirus.exe
C:\Program Files\tmp102390.exe
C:\Program Files\tmp108250.exe
C:\Program Files\tmp108250.exe
C:\Program Files\tmp151390.exe
C:\Program Files\tmp154890.exe
C:\Program Files\tmp157968.exe
C:\Program Files\tmp160953.exe
C:\Program Files\tmp2682375.exe
C:\Program Files\tmp75437.exe
C:\Program Files\tmp80796.exe
C:\tmp.bat
C:\WINDOWS\altvxvm.dll
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxrqv.dll
C:\WINDOWS\etlrlws.dll
C:\WINDOWS\fmsxwqs.exe
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\ssprs.dll


Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes. If you get a PendingOperations message, just close it and restart your computer manually.


Restart the computer.

Perform an online scan with Internet Explorer at Panda ActiveScan https://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Run DSS again and post the log here along with a new HijackThis log.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
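An added example, not part of greyknight17's post or of any tool named in this thread: a Python parser for HijackThis lines of the shapes quoted above (CLSID entries, Run values, services) that tags path traits shared by several of the entries listed for fixing. The flag names and the four heuristics are assumptions made for this example; the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Josh\LOCALS~1\Temp\~DP11.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O21 - SSODL: zip - {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

LINE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
# "BHO: name - {CLSID} - path" (sections O2, O3, O9, O21)
WITH_CLSID = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# "HKLM\..\Run: [value name] command line" (section O4)
RUN_VALUE = re.compile(r"^(?P<kind>\S+\\Run): \[(?P<name>[^\]]+)\] (?P<target>.*)$")
# HijackThis appends these markers when the referenced file is not on disk.
MISSING = re.compile(r"\s*\((file missing|no file)\)\s*$", re.I)


class Entry(NamedTuple):
    section: str
    kind: str
    name: str
    clsid: Optional[str]
    path: str
    missing: bool


def binary_path(target: str) -> str:
    """Strip quotes and command-line arguments from a target string."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll|cpl|bat|com|scr))(?:\s|$)", target, re.I)
    return m.group(1) if m else target


def parse_line(line: str) -> Optional[Entry]:
    m = LINE.match(line.strip())
    if not m:
        return None
    section, body = m["section"], m["body"]
    hit = WITH_CLSID.match(body) or RUN_VALUE.match(body)
    if hit:
        kind, name, target = hit["kind"], hit["name"], hit["target"]
        clsid = hit.groupdict().get("clsid")
    else:
        # Fallback (e.g. O23 services): the last " - " field is the target.
        head, sep, target = body.rpartition(" - ")
        if not sep:
            return None
        kind, _, name = head.partition(": ")
        clsid = None
    missing = bool(MISSING.search(target))
    return Entry(section, kind, name, clsid,
                 binary_path(MISSING.sub("", target)), missing)


def triage(entry: Entry) -> List[str]:
    """Return review flags. These are heuristics (assumptions), not verdicts."""
    flags = []
    p = entry.path.lower()
    if entry.missing:
        flags.append("orphaned-entry")            # registry points at nothing
    if "\\temp\\" in p:
        flags.append("loads-from-temp")           # module loaded from a Temp dir
    if re.fullmatch(r"c:\\(windows|program files)\\[^\\]+\.(exe|dll)", p):
        flags.append("loose-binary-in-system-root")
    if (entry.section == "O21" and entry.clsid and
            p.startswith("c:\\windows\\installer\\" + entry.clsid.lower() + "\\")):
        flags.append("ssodl-in-guid-installer-dir")
    return flags


def triage_log(text: str) -> List[Tuple[Entry, List[str]]]:
    parsed = (parse_line(line) for line in text.splitlines())
    return [(e, triage(e)) for e in parsed if e is not None]


if __name__ == "__main__":
    for entry, flags in triage_log(SAMPLE_LOG):
        print(f"{entry.section:<4}{entry.name:<32}{', '.join(flags) or '-'}")
```

An empty flag list only means none of these path heuristics fired; the Kontiki entries, which the post also lists for removal, carry no flag.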
Old 03-15-2008, 03:35 AM   #4
Guest
 
Join Date: Mar 2008
Posts: 10
OS:



I followed the instructions given above however:

I couldn't delete the following files as it said they were in use by another application, I didn't have any applications open.
C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\
C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\

Also iexplorer is still running in the background and when I load the internet up I am sent to a website as I explained previously.
On opening the internet, this site is https://dns4error.com/

I can't see any change since following the previous instructions, hope anyone can help me with this.

Panda Activescan Run is shown below:

Incident Status Location

Possible Virus. Not disinfected C:\Deckard\System Scanner\backup\WINDOWS\temp\ASHeuristic\AvpCheck_dll.vir
Possible Virus. Not disinfected C:\Deckard\System Scanner\backup\WINDOWS\temp\ASHeuristic\zip_dll.vir
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Josh\Cookies\[email protected][1].txt
Virus:Generic Malware Disinfected C:\Documents and Settings\Josh\Desktop\Joshs Documents\Antivirus software\keygen.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Josh\Desktop\Joshs Documents\Virus Help\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Josh\Desktop\Joshs Documents\Virus Help\SmitfraudFix\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Josh\Desktop\Joshs Documents\Virus Help\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Josh\Desktop\Joshs Documents\Virus Help\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Josh\Desktop\Joshs Documents\Virus Help\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Josh\Desktop\Joshs Documents\Virus Help\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\JZ9BOAUD\2676jewxeczc[1].htm
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\JZ9BOAUD\popup[1].htm
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\M7VJ5AGX\popup[1].htm
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\M7VJ5AGX\popup[2].htm
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\M7VJ5AGX\popup[3].htm
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\NDI32MEO\popup[1].htm
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\O2LDP73O\popup[1].htm
Adware:Adware/AdsRevenue Not disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\O2LDP73O\popup[2].htm
Virus:Trj/Downloader.SYN Disinfected C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\VNME7JDZ\2676hpizgyyc[1].exe
Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\Josh\My Documents\Unused Icons\Cdvd.exe[s4BarSp.exe]
Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\Josh\My Documents\Unused Icons\Cdvd.exe[VVSNInst.exe]
Virus:Trj/Banker.SW Not disinfected


The hijack this scan is shown below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:53, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - https://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O21 - SSODL: zip - {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll
O21 - SSODL: AvpCheck - {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14430 bytes

DSS Scanner Log is shown below:
Deckard's System Scanner v20071014.68
Run by Josh on 2008-03-15 10:31:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 0.94 GiB (less than 15%) free.


-- HijackThis (run as Josh.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:55, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\JZ9BOAUD\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: etlrlws - {FD858878-29E2-4129-831C-06A61C344E15} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - https://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O21 - SSODL: zip - {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll
O21 - SSODL: AvpCheck - {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14600 bytes

-- Files created between 2008-02-15 and 2008-03-15 -----------------------------

2008-03-15 04:24:10 231 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2008-03-15 04:24:10 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2008-03-15 02:05:19 16524 -r-hs---- C:\Program Files\tmp115859.exe
2008-03-15 02:05:12 16524 -r-hs---- C:\Program Files\tmp109062.exe
2008-03-14 20:56:21 0 d-------- C:\Documents and Settings\Josh\Application Data\WinPatrol
2008-03-14 20:54:46 0 d-------- C:\Program Files\BillP Studios
2008-03-14 20:43:52 16524 -r-hs---- C:\Program Files\tmp166640.exe
2008-03-14 20:43:44 16524 -r-hs---- C:\Program Files\tmp159406.exe
2008-03-14 19:47:01 0 d-------- C:\Program Files\Trend Micro
2008-03-14 18:35:24 16524 -r-hs---- C:\Program Files\tmp108250.exe
2008-03-14 18:35:18 16524 -r-hs---- C:\Program Files\tmp102390.exe
2008-03-14 17:51:32 16524 -r-hs---- C:\Program Files\tmp157968.exe
2008-03-14 17:51:25 16524 -r-hs---- C:\Program Files\tmp151390.exe
2008-03-14 17:18:22 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 14:21:47 16524 -r-hs---- C:\Program Files\tmp160953.exe
2008-03-14 14:21:41 16524 -r-hs---- C:\Program Files\tmp154890.exe
2008-03-14 11:48:16 0 d-------- C:\Program Files\Lavasoft
2008-03-14 11:47:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 11:42:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 11:40:06 0 d-------- C:\Program Files\Windows Defender
2008-03-14 11:29:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 11:27:29 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-03-14 10:36:48 0 d------c- C:\!KillBox
2008-03-14 09:56:28 16524 -r-hs---- C:\Program Files\tmp80796.exe
2008-03-14 09:56:22 16524 -r-hs---- C:\Program Files\tmp75437.exe
2008-03-14 09:50:59 16524 -r-hs---- C:\Program Files\tmp2687375.exe
2008-03-14 09:50:54 16524 -r-hs---- C:\Program Files\tmp2682375.exe
2008-03-14 09:50:50 245760 --a------ C:\WINDOWS\drnpfdxrqv.dll
2008-03-14 09:50:50 270336 --a------ C:\WINDOWS\bokpkov.dll
2008-03-07 20:36:39 0 d-------- C:\Program Files\William Hill Poker
2008-03-02 16:39:40 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-02-24 17:52:27 0 d-------- C:\Program Files\Channel4
2008-02-24 17:49:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-02-15 21:02:42 0 d-------- C:\Documents and Settings\Josh\Application Data\Winamp


-- Find3M Report ---------------------------------------------------------------

2008-03-15 05:35:16 0 d-------- C:\Program Files\PowerISO
2008-03-15 05:29:55 0 d-------- C:\Program Files\Messenger
2008-03-15 05:23:17 0 d-------- C:\Program Files\iTunes
2008-03-15 05:20:14 0 d-------- C:\Program Files\Google
2008-03-15 05:19:26 0 d-------- C:\Program Files\Digital Line Detect
2008-03-15 05:19:25 0 d-------- C:\Program Files\DellSupport
2008-03-15 05:17:36 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-15 05:13:16 0 d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2008-03-15 05:12:39 0 d-------- C:\Program Files\Bonjour
2008-03-15 05:12:28 0 d-------- C:\Program Files\Apoint
2008-03-15 05:12:14 0 d-------- C:\Program Files\AOL 9.0
2008-03-15 03:13:46 73 --a------ C:\WINDOWS\system32\nsprs.dll
2008-03-14 19:35:05 0 d-------- C:\Documents and Settings\Josh\Application Data\uTorrent
2008-03-14 15:59:19 0 d-------- C:\Documents and Settings\Josh\Application Data\AVG7
2008-03-14 14:45:13 0 d-------- C:\Documents and Settings\Josh\Application Data\Adobe
2008-03-14 11:42:58 0 d-------- C:\Program Files\Common Files
2008-03-14 11:26:31 0 d-------- C:\Program Files\MSECache
2008-03-14 10:27:24 0 d-------- C:\Program Files\XoftSpy
2008-03-12 23:04:38 0 d-------- C:\Program Files\Zoom Player
2008-03-10 20:22:44 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-03-06 13:43:53 0 d-------- C:\Program Files\iPod
2008-03-06 13:36:43 0 d-------- C:\Program Files\QuickTime Alternative
2008-03-05 13:03:34 0 d-------- C:\Program Files\PeerGuardian2
2008-03-04 15:35:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-22 16:38:38 0 d-------- C:\Program Files\Microsoft Works
2008-02-15 21:05:27 0 d-------- C:\Program Files\Winamp
2008-02-09 13:11:19 47 --a----c- C:\tmp.bat
2008-02-08 03:26:13 0 d-------- C:\Program Files\DivoCodec
2008-02-05 20:54:52 0 d-------- C:\Documents and Settings\Josh\Application Data\vlc
2008-02-05 20:53:02 0 d-------- C:\Program Files\VideoLAN
2008-01-14 22:46:55 22051 --a----c- C:\logfile


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [13/09/2004 15:33]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [15/02/2005 14:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [15/02/2005 14:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 13:59]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/03/2005 10:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 15:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [27/01/2005 00:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 00:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [20/03/2006 17:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [20/03/2006 17:34]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 15:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 12:47]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [05/06/2006 14:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/07/2006 18:39]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 04:00 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 17:34]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [31/01/2008 23:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [14/03/2008 11:31]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/01/2008 05:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:00]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [20/07/2005 16:34:16]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [20/07/2005 16:30:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll [14/03/2008 09:50 23226]
"AvpCheck"= {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll [14/03/2008 09:50 18534]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Basic Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Basic Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Basic Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ



Hope this helps to solve my problem, thanks



-- End of Deckard's System Scanner: finished at 2008-03-15 10:32:26 ------------
Old 03-17-2008, 07:40 PM   #5
TSF Team, Emeritus
 
greyknight17
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro



Were you able to delete any of the files earlier mentioned to be deleted?

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at https://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Restart your computer and boot into Safe Mode (if you don't know how, go to https://www.bleepingcomputer.com/foru...howtutorial=61 ). Make sure to close any internet browsers that may still be open.

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\
C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\
C:\Documents and Settings\Josh\My Documents\Unused Icons\Cdvd.exe


Restart the computer to get back to Normal Mode.

Go to https://www.bleepingcomputer.com/comb...o-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
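The two Installer folders in the deletion list above are the ones the O21 - SSODL (ShellServiceObjectDelayLoad) entries in this thread's scan logs load their DLLs from. As an added example (not part of the original post and not code from any of the tools used here), this Python script parses those entries in both log layouts and reports which registry load points still reference a removal target after the file is gone; it assumes that empty brackets `[ ]` in a registry dump line mean the scanner found no file at that path.

```python
import ntpath
import re

# Removal targets, copied from the helper's post above.
REMOVAL_TARGETS = r"""
C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\
C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\
C:\Documents and Settings\Josh\My Documents\Unused Icons\Cdvd.exe
""".split("\n")

# Sample input: lines copied from the scan logs posted in this thread
# (one HijackThis line, one dump line with file metadata, two with "[ ]",
# and one unrelated O4 line that must be ignored).
SAMPLE_LOG = r"""
O21 - SSODL: zip - {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll
"AvpCheck"= {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll [14/03/2008 09:50 18534]
"zip"= {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll [ ]
"AvpCheck"= {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll [ ]
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# HijackThis layout:  O21 - SSODL: <name> - {CLSID} - <path>
HJT_O21 = re.compile(
    r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
# Registry dump layout:  "<name>"= {CLSID} - <path> [<date size> or blank]
REG_DUMP = re.compile(
    r'^"(?P<name>[^"]+)"= (?P<clsid>' + CLSID + r") - (?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\]$")
# HijackThis appends this marker when the referenced file does not exist.
MISSING_MARK = "(file missing)"


def _norm(path):
    """Case-insensitive Windows path with any trailing backslash removed."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_load_points(log_text):
    """Return (name, clsid, path, state) for each SSODL entry in the log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HJT_O21.match(line)
        if m:
            path = m["path"]
            missing = path.endswith(MISSING_MARK)
            if missing:
                path = path[: -len(MISSING_MARK)]
            state = "missing" if missing else "present"
            entries.append((m["name"], m["clsid"].lower(), path.strip(), state))
            continue
        m = REG_DUMP.match(line)
        if m:
            # Assumption: blank metadata means no file was found at the path.
            state = "present" if m["meta"].strip() else "missing"
            entries.append((m["name"], m["clsid"].lower(), m["path"], state))
    return entries


def match_targets(entries, targets=REMOVAL_TARGETS):
    """Keep only entries whose DLL sits at or below a removal target."""
    roots = [_norm(t) for t in targets if t.strip()]
    hits = []
    for name, clsid, path, state in entries:
        p = _norm(path)
        for root in roots:
            if p == root or p.startswith(root + "\\"):
                hits.append({"name": name, "clsid": clsid,
                             "target": root, "state": state})
    return hits


def orphaned_values(log_text, targets=REMOVAL_TARGETS):
    """Names of load points still registered although their file is gone."""
    hits = match_targets(parse_load_points(log_text), targets)
    return sorted({h["name"] for h in hits if h["state"] == "missing"})


if __name__ == "__main__":
    for hit in match_targets(parse_load_points(SAMPLE_LOG)):
        print(f'{hit["state"]:8} {hit["name"]:9} {hit["clsid"]}')
    print("registry values left behind:", orphaned_values(SAMPLE_LOG))
```

An entry that shows up as `missing` means the folder deletion worked but the registry value that pointed at it is still being reported, so a later scan log should be checked for the same value.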
Old 03-18-2008, 06:49 AM   #6
Guest
 
Join Date: Mar 2008
Posts: 10
OS:



Thanks for the help, not sure if my computer is back to normal now. The log file from combo fix is shown below, the files stated above have now been deleted. From your previous post everything got deleted.

ComboFix 08-03-17.1 - Josh 2008-03-18 10:36:59.1 - NTFSx86
Running from: C:\Documents and Settings\Josh\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Josh\Application Data\macromedia\Flash Player\#SharedObjects\XJL3ADVT\www.broadcaster.com
C:\Documents and Settings\Josh\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Josh\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-16 15:54 . 2008-03-18 09:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 15:54 . 2008-03-16 15:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-15 02:05 . 2008-03-15 02:05 16,524 -r-hs---- C:\Program Files\tmp115859.exe
2008-03-15 02:05 . 2008-03-15 02:05 16,524 -r-hs---- C:\Program Files\tmp109062.exe
2008-03-14 20:56 . 2008-03-14 20:56 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\WinPatrol
2008-03-14 20:54 . 2008-03-14 20:54 <DIR> d-------- C:\Program Files\BillP Studios
2008-03-14 20:43 . 2008-03-14 20:43 16,524 -r-hs---- C:\Program Files\tmp166640.exe
2008-03-14 20:43 . 2008-03-14 20:43 16,524 -r-hs---- C:\Program Files\tmp159406.exe
2008-03-14 19:47 . 2008-03-14 19:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 19:39 . 2008-03-14 19:39 <DIR> d----c--- C:\Deckard
2008-03-14 18:35 . 2008-03-14 18:35 16,524 -r-hs---- C:\Program Files\tmp108250.exe
2008-03-14 18:35 . 2008-03-14 18:35 16,524 -r-hs---- C:\Program Files\tmp102390.exe
2008-03-14 17:51 . 2008-03-14 17:51 16,524 -r-hs---- C:\Program Files\tmp157968.exe
2008-03-14 17:51 . 2008-03-14 17:51 16,524 -r-hs---- C:\Program Files\tmp151390.exe
2008-03-14 17:19 . 2008-03-15 03:26 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-14 17:19 . 2008-03-15 03:26 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-14 17:18 . 2008-03-15 05:57 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 17:18 . 2008-03-15 03:26 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-14 14:21 . 2008-03-14 14:21 16,524 -r-hs---- C:\Program Files\tmp160953.exe
2008-03-14 14:21 . 2008-03-14 14:21 16,524 -r-hs---- C:\Program Files\tmp154890.exe
2008-03-14 11:48 . 2008-03-14 11:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-14 11:47 . 2008-03-14 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 11:42 . 2008-03-14 11:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 11:40 . 2008-03-15 05:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-14 11:29 . 2008-03-14 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 11:27 . 2008-03-14 11:27 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-14 09:56 . 2008-03-14 09:56 16,524 -r-hs---- C:\Program Files\tmp80796.exe
2008-03-14 09:56 . 2008-03-14 09:56 16,524 -r-hs---- C:\Program Files\tmp75437.exe
2008-03-14 09:50 . 2008-03-13 16:34 270,336 --a------ C:\WINDOWS\bokpkov.dll
2008-03-14 09:50 . 2008-03-13 16:34 245,760 --a------ C:\WINDOWS\drnpfdxrqv.dll
2008-03-14 09:50 . 2008-03-14 09:50 16,524 -r-hs---- C:\Program Files\tmp2687375.exe
2008-03-14 09:50 . 2008-03-14 09:50 16,524 -r-hs---- C:\Program Files\tmp2682375.exe
2008-03-07 20:36 . 2008-03-09 15:19 <DIR> d-------- C:\Program Files\William Hill Poker
2008-02-25 19:59 . 2008-03-05 17:17 1,236 --a--c--- C:\bar.emf
2008-02-24 17:52 . 2008-02-24 17:52 <DIR> d-------- C:\Program Files\Channel4
2008-02-24 17:49 . 2008-02-24 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 08:50 --------- d-----w C:\Documents and Settings\Josh\Application Data\AVG7
2008-03-17 11:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 09:27 --------- d-----w C:\Documents and Settings\Josh\Application Data\uTorrent
2008-03-15 05:35 --------- d-----w C:\Program Files\PowerISO
2008-03-15 05:23 --------- d-----w C:\Program Files\iTunes
2008-03-15 05:20 --------- d-----w C:\Program Files\Google
2008-03-15 05:19 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-15 05:19 --------- d-----w C:\Program Files\DellSupport
2008-03-15 05:17 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-15 05:13 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
2008-03-15 05:12 --------- d-----w C:\Program Files\Bonjour
2008-03-15 05:12 --------- d-----w C:\Program Files\Apoint
2008-03-15 05:12 --------- d-----w C:\Program Files\AOL 9.0
2008-03-15 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-14 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 18:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-14 11:26 --------- d-----w C:\Program Files\MSECache
2008-03-14 10:27 --------- d-----w C:\Program Files\XoftSpy
2008-03-12 23:04 --------- d-----w C:\Program Files\Zoom Player
2008-03-06 13:43 --------- d-----w C:\Program Files\iPod
2008-03-06 13:36 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-05 13:03 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-04 15:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-22 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-22 16:38 --------- d-----w C:\Program Files\Microsoft Works
2008-02-15 21:05 --------- d-----w C:\Program Files\Winamp
2008-02-15 21:05 --------- d-----w C:\Documents and Settings\Josh\Application Data\Winamp
2008-02-09 13:11 47 -c--a-w C:\tmp.bat
2008-02-08 03:26 --------- d-----w C:\Program Files\DivoCodec
2008-02-07 23:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-05 20:54 --------- d-----w C:\Documents and Settings\Josh\Application Data\vlc
2008-02-05 20:53 --------- d-----w C:\Program Files\VideoLAN
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-11-04 17:06 48,832 -c--a-w C:\Documents and Settings\Josh\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD858878-29E2-4129-831C-06A61C344E15}"= "C:\WINDOWS\etlrlws.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{fd858878-29e2-4129-831c-06a61c344e15}]
[HKEY_CLASSES_ROOT\etlrlws.1]
[HKEY_CLASSES_ROOT\TypeLib\{D6E34D79-6CEE-4CB0-885A-70F79E31B87E}]
[HKEY_CLASSES_ROOT\etlrlws]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 14:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 14:02 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 10:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 17:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47 16384]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-06-05 14:06 188416]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-03 18:39 180269]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-14 11:31 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 05:38 316728]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-14 11:29 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-07-20 16:34:16 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 16:30:00 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {541b586b-2a5b-4e7e-a55a-8cb304c33cb3} - C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\zip.dll [ ]
"AvpCheck"= {55237993-9d65-4226-8f72-12f6f2a2a34f} - C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\AvpCheck.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Basic Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Basic Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Basic Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 22:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\William Hill Poker\\UA.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15784:TCP"= 15784:TCP:BitComet 15784 TCP
"15784:UDP"= 15784:UDP:BitComet 15784 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21153:TCP"= 21153:TCP:utor

R2 SentinelLM;SentinelLM;"C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe" [2002-07-10 06:20]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
S3 musbehco;musbehco;C:\DOCUME~1\Josh\LOCALS~1\Temp\musbehco.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 12:35:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 15:00:52 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.25.1.sxt [email protected]
"2008-03-18 09:38:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-01 23:02:16 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-03-18 10:49:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 10:56:46
ComboFix-quarantined-files.txt 2008-03-18 10:56:39
.
2008-03-12 14:46:06 --- E O F ---
sufcmad16 is offline  
Old 03-20-2008, 05:52 PM   #7
TSF Team, Emeritus
 
greyknight17
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro



Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text in the quotebox below into it:
Quote:
KILLALL::

File::
C:\Program Files\tmp115859.exe
C:\Program Files\tmp109062.exe
C:\Program Files\tmp166640.exe
C:\Program Files\tmp159406.exe
C:\Program Files\tmp108250.exe
C:\Program Files\tmp102390.exe
C:\Program Files\tmp157968.exe
C:\Program Files\tmp151390.exe
C:\Program Files\tmp160953.exe
C:\Program Files\tmp154890.exe
C:\Program Files\tmp80796.exe
C:\Program Files\tmp75437.exe
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxrqv.dll
C:\Program Files\tmp2687375.exe
C:\Program Files\tmp2682375.exe

Folder::
C:\WINDOWS\Installer\{541b586b-2a5b-4e7e-a55a-8cb304c33cb3}\
C:\WINDOWS\Installer\{55237993-9d65-4226-8f72-12f6f2a2a34f}\

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD858878-29E2-4129-831C-06A61C344E15}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd858878-29e2-4129-831c-06a61c344e15}]
[-HKEY_CLASSES_ROOT\etlrlws.1]
[-HKEY_CLASSES_ROOT\TypeLib\{D6E34D79-6CEE-4CB0-885A-70F79E31B87E}]
[-HKEY_CLASSES_ROOT\etlrlws]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"=-
"AvpCheck"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

Run DSS and post the log here along with a status update (any improvement?).
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Old 03-23-2008, 05:55 PM   #8
Guest
 
Join Date: Mar 2008
Posts: 10
OS:



The Combofix log is shown below:
ComboFix 08-03-17.1 - Josh 2008-03-24 0:14:48.4 - NTFSx86

Running from: C:\Documents and Settings\Josh\Desktop\Virus Help\ComboFix.exe
Command switches used :: C:\Documents and Settings\Josh\Desktop\Virus Help\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\tmp102390.exe
C:\Program Files\tmp108250.exe
C:\Program Files\tmp109062.exe
C:\Program Files\tmp115859.exe
C:\Program Files\tmp151390.exe
C:\Program Files\tmp154890.exe
C:\Program Files\tmp157968.exe
C:\Program Files\tmp159406.exe
C:\Program Files\tmp160953.exe
C:\Program Files\tmp166640.exe
C:\Program Files\tmp2682375.exe
C:\Program Files\tmp2687375.exe
C:\Program Files\tmp75437.exe
C:\Program Files\tmp80796.exe
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxrqv.dll
.
TimeOut - Windir.dat
TimeOut - progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nsprs.dll
.
---- Previous Run -------
.
C:\Program Files\tmp102390.exe
C:\Program Files\tmp108250.exe
C:\Program Files\tmp109062.exe
C:\Program Files\tmp115859.exe
C:\Program Files\tmp151390.exe
C:\Program Files\tmp154890.exe
C:\Program Files\tmp157968.exe
C:\Program Files\tmp159406.exe
C:\Program Files\tmp160953.exe
C:\Program Files\tmp166640.exe
C:\Program Files\tmp2682375.exe
C:\Program Files\tmp2687375.exe
C:\Program Files\tmp75437.exe
C:\Program Files\tmp80796.exe
C:\WINDOWS\bokpkov.dll
C:\WINDOWS\drnpfdxrqv.dll
C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-21 17:42 . 2008-03-21 17:42 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-21 17:41 . 2008-03-21 17:41 <DIR> d-------- C:\Program Files\Real
2008-03-21 17:17 . 2008-03-21 17:17 <DIR> d-------- C:\Program Files\Picasa2
2008-03-19 15:53 . 2008-03-19 15:53 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-03-19 15:53 . 2008-03-19 15:53 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-03-19 10:21 . 2008-03-23 22:08 87 --a------ C:\WINDOWS\system32\nsprs.tgz
2008-03-16 15:54 . 2008-03-23 22:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 15:54 . 2008-03-16 15:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-14 20:56 . 2008-03-14 20:56 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\WinPatrol
2008-03-14 20:54 . 2008-03-14 20:54 <DIR> d-------- C:\Program Files\BillP Studios
2008-03-14 19:47 . 2008-03-14 19:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 19:39 . 2008-03-14 19:39 <DIR> d----c--- C:\Deckard
2008-03-14 17:19 . 2008-03-15 03:26 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-14 17:19 . 2008-03-15 03:26 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-14 17:18 . 2008-03-15 05:57 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 17:18 . 2008-03-15 03:26 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-14 11:48 . 2008-03-14 11:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-14 11:47 . 2008-03-14 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 11:42 . 2008-03-14 11:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 11:40 . 2008-03-15 05:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-14 11:29 . 2008-03-14 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 11:27 . 2008-03-14 11:27 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-07 20:36 . 2008-03-23 18:46 <DIR> d-------- C:\Program Files\William Hill Poker
2008-02-25 19:59 . 2008-03-05 17:17 1,236 --a--c--- C:\bar.emf
2008-02-24 17:52 . 2008-02-24 17:52 <DIR> d-------- C:\Program Files\Channel4
2008-02-24 17:49 . 2008-02-24 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 12:12 --------- d-----w C:\Program Files\Pfe32
2008-03-22 10:58 --------- d-----w C:\Program Files\Google
2008-03-21 23:39 --------- d-----w C:\Documents and Settings\Josh\Application Data\uTorrent
2008-03-21 23:36 --------- d-----w C:\Program Files\LimeWire
2008-03-21 17:42 --------- d-----w C:\Program Files\Common Files\Real
2008-03-19 00:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-18 18:24 --------- d-----w C:\Documents and Settings\Josh\Application Data\AVG7
2008-03-18 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-18 17:40 --------- d-----w C:\Program Files\Symantec
2008-03-18 17:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-17 11:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-15 05:35 --------- d-----w C:\Program Files\PowerISO
2008-03-15 05:23 --------- d-----w C:\Program Files\iTunes
2008-03-15 05:19 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-15 05:19 --------- d-----w C:\Program Files\DellSupport
2008-03-15 05:17 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-15 05:13 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
2008-03-15 05:12 --------- d-----w C:\Program Files\Bonjour
2008-03-15 05:12 --------- d-----w C:\Program Files\Apoint
2008-03-15 05:12 --------- d-----w C:\Program Files\AOL 9.0
2008-03-15 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-14 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 18:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 11:26 --------- d-----w C:\Program Files\MSECache
2008-03-14 10:27 --------- d-----w C:\Program Files\XoftSpy
2008-03-12 23:04 --------- d-----w C:\Program Files\Zoom Player
2008-03-06 13:43 --------- d-----w C:\Program Files\iPod
2008-03-06 13:36 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-04 15:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-22 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-22 16:38 --------- d-----w C:\Program Files\Microsoft Works
2008-02-15 21:05 --------- d-----w C:\Program Files\Winamp
2008-02-15 21:05 --------- d-----w C:\Documents and Settings\Josh\Application Data\Winamp
2008-02-09 13:11 47 -c--a-w C:\tmp.bat
2008-02-08 03:26 --------- d-----w C:\Program Files\DivoCodec
2008-02-07 23:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-05 20:54 --------- d-----w C:\Documents and Settings\Josh\Application Data\vlc
2008-02-05 20:53 --------- d-----w C:\Program Files\VideoLAN
2007-11-04 17:06 48,832 -c--a-w C:\Documents and Settings\Josh\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_10.56.13.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-07-20 16:34:34 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-03-21 17:41:46 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2006-07-03 18:39:25 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-03-21 17:41:48 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2006-07-03 18:39:25 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-03-21 17:41:48 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2006-07-03 18:39:48 176,167 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-03-21 17:42:07 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 14:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 14:02 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 10:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 17:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47 16384]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-06-05 14:06 188416]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-14 11:31 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-21 17:41 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-14 11:29 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-07-20 16:34:16 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 16:30:00 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Basic Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Basic Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Basic Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 22:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\William Hill Poker\\UA.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15784:TCP"= 15784:TCP:BitComet 15784 TCP
"15784:UDP"= 15784:UDP:BitComet 15784 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21153:TCP"= 21153:TCP:utor

S3 musbehco;musbehco;C:\DOCUME~1\Josh\LOCALS~1\Temp\musbehco.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 12:35:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 13:24:07 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.25.1.sxt [email protected]
"2008-03-24 00:29:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-01 23:02:16 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-03-24 00:27:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\matlab6p5\bin\win32\matlab.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-03-24 0:43:01 - machine was rebooted [Josh]
ComboFix-quarantined-files.txt 2008-03-24 00:42:53
ComboFix2.txt 2008-03-18 19:30:36
ComboFix3.txt 2008-03-18 10:56:48
.
2008-03-18 21:19:13 --- E O F ---


Next is the DSS log produced.
Deckard's System Scanner v20071014.68
Run by Josh on 2008-03-24 00:50:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 2.88 GiB (less than 15%) free.


-- HijackThis (run as Josh.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:25, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Josh\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - https://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - https://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13814 bytes

-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-03-21 17:42:18 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-21 17:41:47 0 d-------- C:\Program Files\Real
2008-03-21 17:17:17 0 d-------- C:\Program Files\Picasa2
2008-03-19 15:53:52 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-03-19 15:53:52 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-03-18 10:33:50 0 d------c- C:\cmdcons
2008-03-18 10:30:06 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-18 10:30:06 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-18 10:30:06 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-18 10:30:06 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-14 20:56:21 0 d-------- C:\Documents and Settings\Josh\Application Data\WinPatrol
2008-03-14 20:54:46 0 d-------- C:\Program Files\BillP Studios
2008-03-14 19:47:01 0 d-------- C:\Program Files\Trend Micro
2008-03-14 17:18:22 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 11:48:16 0 d-------- C:\Program Files\Lavasoft
2008-03-14 11:47:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 11:42:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 11:40:06 0 d-------- C:\Program Files\Windows Defender
2008-03-14 11:29:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 11:27:29 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-03-14 10:36:48 0 d------c- C:\!KillBox
2008-03-07 20:36:39 0 d-------- C:\Program Files\William Hill Poker
2008-03-02 16:39:40 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-02-24 17:52:27 0 d-------- C:\Program Files\Channel4
2008-02-24 17:49:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4


-- Find3M Report ---------------------------------------------------------------

2008-03-23 12:12:09 0 d-------- C:\Program Files\Pfe32
2008-03-22 10:58:50 0 d-------- C:\Program Files\Google
2008-03-21 23:39:20 0 d-------- C:\Documents and Settings\Josh\Application Data\uTorrent
2008-03-21 23:36:43 0 d-------- C:\Program Files\LimeWire
2008-03-21 17:48:24 0 d-------- C:\Documents and Settings\Josh\Application Data\Real
2008-03-21 17:42:18 0 d-------- C:\Program Files\Common Files
2008-03-21 17:42:12 0 d-------- C:\Program Files\Common Files\Real
2008-03-19 00:40:36 0 d-------- C:\Program Files\PeerGuardian2
2008-03-18 18:24:36 0 d-------- C:\Documents and Settings\Josh\Application Data\AVG7
2008-03-18 17:40:51 0 d-------- C:\Program Files\Symantec
2008-03-18 17:40:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-17 11:47:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-15 05:35:16 0 d-------- C:\Program Files\PowerISO
2008-03-15 05:29:55 0 d-------- C:\Program Files\Messenger
2008-03-15 05:23:17 0 d-------- C:\Program Files\iTunes
2008-03-15 05:19:26 0 d-------- C:\Program Files\Digital Line Detect
2008-03-15 05:19:25 0 d-------- C:\Program Files\DellSupport
2008-03-15 05:17:36 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-15 05:13:16 0 d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2008-03-15 05:12:39 0 d-------- C:\Program Files\Bonjour
2008-03-15 05:12:28 0 d-------- C:\Program Files\Apoint
2008-03-15 05:12:14 0 d-------- C:\Program Files\AOL 9.0
2008-03-14 14:45:13 0 d-------- C:\Documents and Settings\Josh\Application Data\Adobe
2008-03-14 11:26:31 0 d-------- C:\Program Files\MSECache
2008-03-14 10:27:24 0 d-------- C:\Program Files\XoftSpy
2008-03-12 23:04:38 0 d-------- C:\Program Files\Zoom Player
2008-03-06 13:43:53 0 d-------- C:\Program Files\iPod
2008-03-06 13:36:43 0 d-------- C:\Program Files\QuickTime Alternative
2008-03-04 15:35:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-22 16:38:38 0 d-------- C:\Program Files\Microsoft Works
2008-02-15 21:05:34 0 d-------- C:\Documents and Settings\Josh\Application Data\Winamp
2008-02-15 21:05:27 0 d-------- C:\Program Files\Winamp
2008-02-09 13:11:19 47 --a----c- C:\tmp.bat
2008-02-08 03:26:13 0 d-------- C:\Program Files\DivoCodec
2008-02-05 20:54:52 0 d-------- C:\Documents and Settings\Josh\Application Data\vlc
2008-02-05 20:53:02 0 d-------- C:\Program Files\VideoLAN
2008-01-14 22:46:55 22051 --a----c- C:\logfile


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [13/09/2004 15:33]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [15/02/2005 14:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [15/02/2005 14:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 13:59]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/03/2005 10:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 15:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [27/01/2005 00:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 00:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [20/03/2006 17:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [20/03/2006 17:34]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [28/06/2003 15:10]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [19/08/2003 12:47]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [05/06/2006 14:06]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 17:17]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 04:00 C:\WINDOWS\system32\bthprops.cpl]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 02:41]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 17:34]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [31/01/2008 23:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [14/03/2008 11:31]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [21/03/2008 17:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 10:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:00]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [20/07/2005 16:34:16]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [20/07/2005 16:30:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Basic Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Basic Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Basic Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-03-24 00:52:06 ------------



My computer seems okay, but I'm not sure if there are any hidden bad files in the waiting.
I am currently having a problem with something called agent.exe. When I open Task Manager it seems to be taking up lots of CPU usage and making my computer run slow. Is there anything you can do to help me? I appreciate the help already given to me.

Thanks
sufcmad16 is offline  
Old 03-23-2008, 08:43 PM   #9
TSF Team, Emeritus
 
greyknight17
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro



Let's try disabling some startup programs to see if it helps with the speed. Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe


Uninstall DivoCodec via your Add/Remove Programs panel if found.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:
Quote:
KILLALL::

Driver::
musbehco

File::
C:\tmp.bat

Folder::
C:\Program Files\DivoCodec

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Any better now?
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Old 03-26-2008, 03:59 AM   #10
Guest
 
Join Date: Mar 2008
Posts: 10
OS:



The log from ComboFix is below. When I dragged the icon on, an error message appeared; however, ComboFix still ran. Does this mean that it worked with the CFScript file?


ComboFix 08-03-17.1 - Josh 2008-03-26 10:08:18.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.238 [GMT 0:00]
Running from: C:\Documents and Settings\Josh\Desktop\Virus Help\ComboFix.exe
Command switches used :: C:\Documents and Settings\Josh\Desktop\Virus Help\CFScript.txt
* Created a new restore point

FILE ::
C:\tmp.bat
.
TimeOut - Windir.dat
TimeOut - progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tmp.bat
C:\WINDOWS\system32\nsprs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MUSBEHCO
-------\Service_musbehco


((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-21 17:42 . 2008-03-21 17:42 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-21 17:41 . 2008-03-21 17:41 <DIR> d-------- C:\Program Files\Real
2008-03-21 17:17 . 2008-03-21 17:17 <DIR> d-------- C:\Program Files\Picasa2
2008-03-19 15:53 . 2008-03-19 15:53 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-03-19 15:53 . 2008-03-19 15:53 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-03-19 10:21 . 2008-03-26 09:57 87 --a------ C:\WINDOWS\system32\nsprs.tgz
2008-03-16 15:54 . 2008-03-25 10:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 15:54 . 2008-03-16 15:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-14 20:56 . 2008-03-14 20:56 <DIR> d-------- C:\Documents and Settings\Josh\Application Data\WinPatrol
2008-03-14 20:54 . 2008-03-14 20:54 <DIR> d-------- C:\Program Files\BillP Studios
2008-03-14 19:47 . 2008-03-14 19:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 19:39 . 2008-03-14 19:39 <DIR> d----c--- C:\Deckard
2008-03-14 17:19 . 2008-03-15 03:26 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-14 17:19 . 2008-03-15 03:26 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-14 17:18 . 2008-03-15 05:57 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-14 17:18 . 2008-03-15 03:26 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-14 11:48 . 2008-03-14 11:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-14 11:47 . 2008-03-14 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 11:42 . 2008-03-14 11:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 11:40 . 2008-03-15 05:39 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-14 11:29 . 2008-03-14 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-14 11:27 . 2008-03-14 11:27 <DIR> d-------- C:\Program Files\Windows Installer Clean Up

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 02:14 --------- d-----w C:\Documents and Settings\Josh\Application Data\uTorrent
2008-03-25 19:27 --------- d-----w C:\Documents and Settings\Josh\Application Data\AVG7
2008-03-23 12:12 --------- d-----w C:\Program Files\Pfe32
2008-03-22 10:58 --------- d-----w C:\Program Files\Google
2008-03-21 23:36 --------- d-----w C:\Program Files\LimeWire
2008-03-21 17:42 --------- d-----w C:\Program Files\Common Files\Real
2008-03-19 00:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-03-18 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-18 17:40 --------- d-----w C:\Program Files\Symantec
2008-03-18 17:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-17 11:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-15 05:35 --------- d-----w C:\Program Files\PowerISO
2008-03-15 05:23 --------- d-----w C:\Program Files\iTunes
2008-03-15 05:19 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-15 05:19 --------- d-----w C:\Program Files\DellSupport
2008-03-15 05:17 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-15 05:13 --------- d-----w C:\Program Files\BT Voyager 105 ADSL Modem
2008-03-15 05:12 --------- d-----w C:\Program Files\Bonjour
2008-03-15 05:12 --------- d-----w C:\Program Files\Apoint
2008-03-15 05:12 --------- d-----w C:\Program Files\AOL 9.0
2008-03-15 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-14 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 18:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 11:26 --------- d-----w C:\Program Files\MSECache
2008-03-14 10:27 --------- d-----w C:\Program Files\XoftSpy
2008-03-12 23:04 --------- d-----w C:\Program Files\Zoom Player
2008-03-06 13:43 --------- d-----w C:\Program Files\iPod
2008-03-06 13:36 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-04 15:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-24 17:52 --------- d-----w C:\Program Files\Channel4
2008-02-24 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2008-02-22 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-22 16:38 --------- d-----w C:\Program Files\Microsoft Works
2008-02-15 21:05 --------- d-----w C:\Program Files\Winamp
2008-02-15 21:05 --------- d-----w C:\Documents and Settings\Josh\Application Data\Winamp
2008-02-07 23:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-05 20:54 --------- d-----w C:\Documents and Settings\Josh\Application Data\vlc
2008-02-05 20:53 --------- d-----w C:\Program Files\VideoLAN
2007-11-04 17:06 48,832 -c--a-w C:\Documents and Settings\Josh\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_10.56.13.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
- 2005-07-20 16:34:34 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-03-21 17:41:46 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2006-07-03 18:39:25 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-03-21 17:41:48 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2006-07-03 18:39:25 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-03-21 17:41:48 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2006-07-03 18:39:48 176,167 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-03-21 17:42:07 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 14:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 14:02 126976]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 10:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 15:10 1658965]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 12:47 16384]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-06-05 14:06 188416]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-14 11:31 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-21 17:41 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-14 11:29 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Basic Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Basic Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Basic Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 22:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15784:TCP"= 15784:TCP:BitComet 15784 TCP
"15784:UDP"= 15784:UDP:BitComet 15784 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21153:TCP"= 21153:TCP:utor

R2 SentinelLM;SentinelLM;"C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe" [2002-07-10 06:20]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 12:35:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-18 13:24:07 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.25.1.sxt [email protected]
"2008-03-26 10:26:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-01 23:02:16 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-03-26 10:25:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\matlab6p5\bin\win32\matlab.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2008-03-26 10:34:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-26 10:34:27
ComboFix2.txt 2008-03-24 00:43:02
ComboFix3.txt 2008-03-18 19:30:36
ComboFix4.txt 2008-03-18 10:56:48
.
2008-03-25 23:47:49 --- E O F ---


I do however think that my computer's running better now, thanks for all your help.
sufcmad16 is offline  
Old 03-27-2008, 12:51 PM   #11
TSF Team, Emeritus
 
 
Join Date: Jul 2004
Location: New York
Posts: 14,311
OS: Windows 98 & Windows XP Home/Pro



What was the error it gave you? It looks like it did run successfully though :)

Your log is clean.

Turn off System Restore by right-clicking on My Computer, going to Properties->System Restore, and checking the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
 

All times are GMT -7.