
Thread: Discovered several Viruses and Malware

  1. #1
    Junior Member
    Join Date
    Apr 2008
    Posts
    6

    Discovered several Viruses and Malware

    Hi, this is only the second or third time I have posted, so sorry for any errors. Also, I would like to thank all who can help.

    I recently found several viruses and malware on the family computer after the kids were on it. I think I have successfully removed them all; however, can someone look at the following HJT log file? The computer still seems to run slow. Thank you again for the help.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:28:28 PM, on 8/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 94.232.248.53 spy-wareprotector2009.com
    O1 - Hosts: 94.232.248.53 www.spy-wareprotector2009.com
    O1 - Hosts: 94.232.248.53 secure.spy-wareprotector2009.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 8248 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644


    Hi Ulyssess

    Download DDS to your desktop from one of the links below:

    Link 1
    Link 2
    • Double-click the tool to run it.
    • A black screen will open; just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports.
    • Copy/paste both reports back here and remove DDS from your desktop.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Apr 2008
    Posts
    6

    DDS results

    Hi, here are the results. Thanks again for your help.


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by William Phipps at 21:17:59.27 on Tue 08/04/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.589 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscript.exe
    C:\Documents and Settings\William Phipps\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar =
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [<NO NAME>]
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~3.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\gqw6a0qt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-8-2 36512]
    R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [2009-8-2 39456]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-2 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-4 353672]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-2 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-2 55640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-2 108289]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]

    =============== Created Last 30 ================

    2009-08-04 03:00 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2009-08-04 03:00 1,221,512 a------- c:\windows\system32\zpeng25.dll
    2009-08-04 03:00 <DIR> --d----- c:\windows\system32\ZoneLabs
    2009-08-04 03:00 <DIR> --d----- c:\program files\Zone Labs
    2009-08-04 03:00 350,192 a------- c:\windows\system32\vsconfig.xml
    2009-08-04 02:59 <DIR> --d----- c:\windows\Internet Logs
    2009-08-03 15:51 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-03 15:50 <DIR> --d----- C:\e490f0745be266e9deab6fcd10
    2009-08-03 15:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-08-03 15:50 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-03 15:50 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-03 15:50 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-08-03 15:50 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-03 15:50 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-08-03 15:50 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-03 15:23 6,656 a--sh--- c:\windows\system32\Thumbs.db
    2009-08-03 15:23 43,520 a--sh--- c:\windows\Thumbs.db
    2009-08-03 15:10 <DIR> --d----- c:\windows\system32\Adobe
    2009-08-03 14:43 4 a------- c:\windows\csdf.bak
    2009-08-03 14:14 <DIR> --d----- c:\program files\VS Revo Group
    2009-08-03 14:14 <DIR> --d----- c:\program files\Defraggler
    2009-08-02 23:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-08-02 23:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-08-02 23:23 4 a------- c:\windows\csdf_sdum.dat
    2009-08-02 23:14 39,456 a------- c:\windows\system32\drivers\csdf.sys
    2009-08-02 23:14 36,512 a------- c:\windows\system32\drivers\crpf.sys
    2009-08-02 23:14 8,456 a------- c:\windows\system32\cnat.exe
    2009-08-02 23:14 <DIR> --d----- c:\program files\COMODO
    2009-08-02 23:07 <DIR> --d----- c:\program files\SpywareBlaster
    2009-08-02 19:30 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
    2009-08-02 19:30 <DIR> --d----- c:\program files\Avira
    2009-08-02 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-08-02 19:07 <DIR> --d----- c:\windows\pss
    2009-08-02 19:03 7,552 a------- c:\windows\system32\dllcache\nsmmc.sys
    2009-08-02 19:03 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
    2009-08-02 19:02 87,040 a------- c:\windows\system32\dllcache\nm6wdm.sys
    2009-08-02 19:02 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
    2009-08-02 19:02 32,840 a------- c:\windows\system32\dllcache\ngrpci.sys
    2009-08-02 19:02 132,695 a------- c:\windows\system32\dllcache\netwlan5.sys
    2009-08-02 19:02 53,248 a------- c:\windows\system32\dllcache\nextlink.dll
    2009-08-02 19:00 49,024 a------- c:\windows\system32\dllcache\mstape.sys
    2009-08-02 18:59 58,880 a------- c:\windows\system32\dllcache\m3092dc.dll
    2009-08-02 18:58 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
    2009-08-02 18:57 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
    2009-08-02 18:56 289,887 a------- c:\windows\system32\dllcache\hsf_fall.sys
    2009-08-02 18:55 59,136 a------- c:\windows\system32\dllcache\gckernel.sys
    2009-08-02 18:54 43,008 a------- c:\windows\system32\dllcache\esucm.dll
    2009-08-02 18:53 50,719 a------- c:\windows\system32\dllcache\e1000nt5.sys
    2009-08-02 18:52 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
    2009-08-02 18:51 171,264 a------- c:\windows\system32\dllcache\camdrv30.sys
    2009-08-02 18:50 77,568 a------- c:\windows\system32\dllcache\ati.sys
    2009-08-02 18:49 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
    2009-08-02 18:49 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
    2009-08-02 18:49 169,984 a------- c:\windows\system32\dllcache\iisui.dll
    2009-08-02 18:49 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
    2009-08-02 18:49 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
    2009-08-02 18:49 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
    2009-08-02 18:49 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
    2009-08-02 18:49 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
    2009-08-02 18:49 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
    2009-08-02 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-08-02 17:07 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-08-02 17:07 <DIR> --d----- c:\docume~1\willia~1\applic~1\SUPERAntiSpyware.com
    2009-08-02 17:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-08-02 16:46 <DIR> --d----- c:\docume~1\willia~1\applic~1\Malwarebytes
    2009-08-02 16:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-02 16:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-02 16:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-02 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-02 16:40 <DIR> --d----- c:\program files\CCleaner
    2009-08-02 15:42 21,504 a------- c:\windows\system32\hidserv.dll
    2009-08-02 15:42 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
    2009-08-02 15:42 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-08-02 15:42 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys

    ==================== Find3M ====================

    2009-08-03 12:54 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-06-29 07:07 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-29 04:35 634,632 a------- c:\windows\system32\dllcache\iexplore.exe
    2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-06-29 04:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\dllcache\fontsub.dll
    2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
    2008-06-18 09:44 56 ---shr-- c:\windows\system32\9F0A13335E.sys
    2008-10-18 14:42 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101820081019\index.dat

    ============= FINISH: 21:18:49.38 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/19/2006 9:44:03 PM
    System Uptime: 8/4/2009 9:14:17 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0FJ030
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 137.451 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/2/2009 11:48:18 PM - System Checkpoint
    RP2: 8/2/2009 11:49:53 PM - prior to spybot install
    RP3: 8/3/2009 2:16:36 PM - Revo Uninstaller's restore point - Java 2 Runtime Environment, SE v1.4.2_03
    RP4: 8/3/2009 2:16:58 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP5: 8/3/2009 2:19:13 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 6
    RP6: 8/3/2009 2:19:30 PM - Removed J2SE Runtime Environment 5.0 Update 6
    RP7: 8/3/2009 2:21:07 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 9
    RP8: 8/3/2009 2:21:24 PM - Removed J2SE Runtime Environment 5.0 Update 9
    RP9: 8/3/2009 2:22:37 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 10
    RP10: 8/3/2009 2:22:54 PM - Removed J2SE Runtime Environment 5.0 Update 10
    RP11: 8/3/2009 2:48:48 PM - Revo Uninstaller's restore point - Adobe Reader 7.0
    RP12: 8/3/2009 2:49:15 PM - Removed Adobe Reader 7.0
    RP13: 8/3/2009 3:12:48 PM - Installed Adobe Reader 9.1.
    RP14: 8/3/2009 3:33:45 PM - Software Distribution Service 3.0
    RP15: 8/3/2009 3:47:46 PM - Software Distribution Service 3.0
    RP16: 8/3/2009 4:05:28 PM - Printer Driver Microsoft XPS Document Writer Installed

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Canon Camera Access Library
    Canon Camera Support Core Library
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner (remove only)
    COMODO System Cleaner 1.1.64946.38(32bit)
    Conexant D850 56K V.9x DFVc Modem
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Defraggler (remove only)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    EducateU
    ELIcon
    ESPNMotion
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Intel(R) Quick Resume Technology Drivers
    Intel® Viiv™
    iPod for Windows 2006-03-23
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Modem Helper
    Mozilla Firefox (3.5.1)
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    NetWaiting
    NVIDIA Drivers
    Otto
    QuickTime
    RealPlayer
    Registry Mechanic 8.0
    Remote Control USB Driver
    Revo Uninstaller 1.83
    Rhapsody Player Engine
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    SoulSeek 157 NS 13c
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    SUPERAntiSpyware Free Edition
    VC 9.0 Runtime
    WebFldrs XP
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WordPerfect Office 12
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    8/3/2009 3:33:56 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001372138F0E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    8/2/2009 9:59:09 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    8/2/2009 7:23:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
    8/2/2009 7:03:05 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is William Phipps.
    8/2/2009 7:03:01 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdrmv2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:50:35 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:50:33 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:50:22 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:49:29 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    8/2/2009 10:00:59 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.

    ==== End Of File ===========================

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644


    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    SoulSeek 157 NS 13c


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new DDS scan when finished and post the logs back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Apr 2008
    Posts
    6

    New log Files

    Hi, thanks again for all of your help. I had no idea these things were on the computer. Unfortunately, I just had relatives in town for 3 weeks, and my kids and theirs were all over the computer for 3 weeks. Here are the new log files; please let me know what else I can clean out. The HJT log seemed to show many entries I don’t recognize. It’s making me very uncomfortable.



    DDS (Ver_09-07-30.01) - NTFSx86
    Run by William Phipps at 9:34:41.78 on Wed 08/05/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.634 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Documents and Settings\William Phipps\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar =
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [<NO NAME>]
    mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~3.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\gqw6a0qt.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-8-2 36512]
    R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [2009-8-2 39456]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-2 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-4 353672]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-2 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-2 55640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-2 108289]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]

    =============== Created Last 30 ================

    2009-08-04 03:00 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2009-08-04 03:00 1,221,512 a------- c:\windows\system32\zpeng25.dll
    2009-08-04 03:00 <DIR> --d----- c:\windows\system32\ZoneLabs
    2009-08-04 03:00 <DIR> --d----- c:\program files\Zone Labs
    2009-08-04 03:00 350,192 a------- c:\windows\system32\vsconfig.xml
    2009-08-04 02:59 <DIR> --d----- c:\windows\Internet Logs
    2009-08-03 15:51 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-03 15:50 <DIR> --d----- C:\e490f0745be266e9deab6fcd10
    2009-08-03 15:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-08-03 15:50 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-03 15:50 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-03 15:50 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-08-03 15:50 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-03 15:50 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-08-03 15:50 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-03 15:23 6,656 a--sh--- c:\windows\system32\Thumbs.db
    2009-08-03 15:23 43,520 a--sh--- c:\windows\Thumbs.db
    2009-08-03 15:10 <DIR> --d----- c:\windows\system32\Adobe
    2009-08-03 14:43 4 a------- c:\windows\csdf.bak
    2009-08-03 14:14 <DIR> --d----- c:\program files\VS Revo Group
    2009-08-03 14:14 <DIR> --d----- c:\program files\Defraggler
    2009-08-02 23:51 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-08-02 23:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-08-02 23:23 4 a------- c:\windows\csdf_sdum.dat
    2009-08-02 23:14 39,456 a------- c:\windows\system32\drivers\csdf.sys
    2009-08-02 23:14 36,512 a------- c:\windows\system32\drivers\crpf.sys
    2009-08-02 23:14 8,456 a------- c:\windows\system32\cnat.exe
    2009-08-02 23:14 <DIR> --d----- c:\program files\COMODO
    2009-08-02 23:07 <DIR> --d----- c:\program files\SpywareBlaster
    2009-08-02 19:30 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
    2009-08-02 19:30 <DIR> --d----- c:\program files\Avira
    2009-08-02 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-08-02 19:07 <DIR> --d----- c:\windows\pss
    2009-08-02 19:03 7,552 a------- c:\windows\system32\dllcache\nsmmc.sys
    2009-08-02 19:03 28,672 a------- c:\windows\system32\dllcache\nscirda.sys
    2009-08-02 19:02 87,040 a------- c:\windows\system32\dllcache\nm6wdm.sys
    2009-08-02 19:02 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
    2009-08-02 19:02 32,840 a------- c:\windows\system32\dllcache\ngrpci.sys
    2009-08-02 19:02 132,695 a------- c:\windows\system32\dllcache\netwlan5.sys
    2009-08-02 19:02 53,248 a------- c:\windows\system32\dllcache\nextlink.dll
    2009-08-02 19:00 49,024 a------- c:\windows\system32\dllcache\mstape.sys
    2009-08-02 18:59 58,880 a------- c:\windows\system32\dllcache\m3092dc.dll
    2009-08-02 18:58 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
    2009-08-02 18:57 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
    2009-08-02 18:56 289,887 a------- c:\windows\system32\dllcache\hsf_fall.sys
    2009-08-02 18:55 59,136 a------- c:\windows\system32\dllcache\gckernel.sys
    2009-08-02 18:54 43,008 a------- c:\windows\system32\dllcache\esucm.dll
    2009-08-02 18:53 50,719 a------- c:\windows\system32\dllcache\e1000nt5.sys
    2009-08-02 18:52 117,760 a------- c:\windows\system32\dllcache\d100ib5.sys
    2009-08-02 18:51 171,264 a------- c:\windows\system32\dllcache\camdrv30.sys
    2009-08-02 18:50 77,568 a------- c:\windows\system32\dllcache\ati.sys
    2009-08-02 18:49 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
    2009-08-02 18:49 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
    2009-08-02 18:49 169,984 a------- c:\windows\system32\dllcache\iisui.dll
    2009-08-02 18:49 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
    2009-08-02 18:49 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
    2009-08-02 18:49 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
    2009-08-02 18:49 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
    2009-08-02 18:49 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
    2009-08-02 18:49 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
    2009-08-02 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-08-02 17:07 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-08-02 17:07 <DIR> --d----- c:\docume~1\willia~1\applic~1\SUPERAntiSpyware.com
    2009-08-02 17:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-08-02 16:46 <DIR> --d----- c:\docume~1\willia~1\applic~1\Malwarebytes
    2009-08-02 16:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-02 16:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-02 16:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-02 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-02 16:40 <DIR> --d----- c:\program files\CCleaner
    2009-08-02 15:42 21,504 a------- c:\windows\system32\hidserv.dll
    2009-08-02 15:42 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
    2009-08-02 15:42 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-08-02 15:42 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys

    ==================== Find3M ====================

    2009-08-03 12:54 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2009-06-29 07:07 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-29 04:35 634,632 a------- c:\windows\system32\dllcache\iexplore.exe
    2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
    2009-06-29 04:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\dllcache\fontsub.dll
    2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-07 11:32 345,600 a------- c:\windows\system32\dllcache\localspl.dll
    2008-06-18 09:44 56 ---shr-- c:\windows\system32\9F0A13335E.sys
    2008-10-18 14:42 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101820081019\index.dat

    ============= FINISH: 9:35:29.68 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/19/2006 9:44:03 PM
    System Uptime: 8/5/2009 9:25:09 AM (0 hours ago)

    Motherboard: Dell Inc. | | 0FJ030
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 137.325 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/2/2009 11:48:18 PM - System Checkpoint
    RP2: 8/2/2009 11:49:53 PM - prior to spybot install
    RP3: 8/3/2009 2:16:36 PM - Revo Uninstaller's restore point - Java 2 Runtime Environment, SE v1.4.2_03
    RP4: 8/3/2009 2:16:58 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP5: 8/3/2009 2:19:13 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 6
    RP6: 8/3/2009 2:19:30 PM - Removed J2SE Runtime Environment 5.0 Update 6
    RP7: 8/3/2009 2:21:07 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 9
    RP8: 8/3/2009 2:21:24 PM - Removed J2SE Runtime Environment 5.0 Update 9
    RP9: 8/3/2009 2:22:37 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 10
    RP10: 8/3/2009 2:22:54 PM - Removed J2SE Runtime Environment 5.0 Update 10
    RP11: 8/3/2009 2:48:48 PM - Revo Uninstaller's restore point - Adobe Reader 7.0
    RP12: 8/3/2009 2:49:15 PM - Removed Adobe Reader 7.0
    RP13: 8/3/2009 3:12:48 PM - Installed Adobe Reader 9.1.
    RP14: 8/3/2009 3:33:45 PM - Software Distribution Service 3.0
    RP15: 8/3/2009 3:47:46 PM - Software Distribution Service 3.0
    RP16: 8/3/2009 4:05:28 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP17: 8/4/2009 9:46:12 PM - System Checkpoint
    RP18: 8/5/2009 9:21:05 AM - Revo Uninstaller's restore point - SoulSeek 157 NS 13c

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Canon Camera Access Library
    Canon Camera Support Core Library
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner (remove only)
    COMODO System Cleaner 1.1.64946.38(32bit)
    Conexant D850 56K V.9x DFVc Modem
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Defraggler (remove only)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    EducateU
    ELIcon
    ESPNMotion
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Intel(R) Quick Resume Technology Drivers
    Intel® Viiv™
    iPod for Windows 2006-03-23
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Modem Helper
    Mozilla Firefox (3.5.2)
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    NetWaiting
    NVIDIA Drivers
    Otto
    QuickTime
    RealPlayer
    Registry Mechanic 8.0
    Remote Control USB Driver
    Revo Uninstaller 1.83
    Rhapsody Player Engine
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    SUPERAntiSpyware Free Edition
    VC 9.0 Runtime
    WebFldrs XP
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WordPerfect Office 12
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    8/3/2009 3:33:56 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001372138F0E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    8/2/2009 9:59:09 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    8/2/2009 7:23:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
    8/2/2009 7:03:05 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is William Phipps.
    8/2/2009 7:03:01 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdrmv2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:50:35 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:50:33 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:50:22 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
    8/2/2009 6:49:29 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
    8/2/2009 10:00:59 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.

    ==== End Of File ===========================

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644


    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Apr 2008
    Posts
    6

    Kaspersky Problem

    Hi, sorry for the delay. I had a family emergency and had to leave town. As for your last instructions, I tried to run the scanner but I get an error message: "Kaspersky online scanner 7.0 [ERROR: Antivirus bases have been updated after key expiration]". I don't know what I may be doing wrong. Sorry, I feel so stupid.....

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644


    Please run this instead:

    Please go to ESET Online Scanner to run an online scan.
    Note: You will need to use Internet Explorer for this scan!
    1. Check the box next to "YES, I accept the Terms of Use."
    2. Click "Start"
    3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
      Once installed, the scanner will be initialized.
    4. Click "Start". Make sure that the options:
      • Remove found threats is UNCHECKED
      • Scan unwanted applications is CHECKED
    5. Click "Scan"
    6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
    7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
    8. Copy and paste the contents of log.txt in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    Apr 2008
    Posts
    6

    Scan results

    Here are the scan results you requested. I was finally able to get them to work.

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=6
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=574a6d1f2aed4941b731daa79a9d20e7
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-08-09 07:11:34
    # local_time=2009-08-09 03:11:34 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 21 100 100 5889225312500
    # compatibility_mode=5889 61 66 100 872487386562500
    # scanned=22071
    # found=0
    # cleaned=0
    # scan_time=558
    esets_scanner_update returned -1 esets_gle=53251
    # version=6
    # iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=574a6d1f2aed4941b731daa79a9d20e7
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2009-08-09 08:14:05
    # local_time=2009-08-09 04:14:05 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 21 100 100 5926734687500
    # compatibility_mode=5889 61 66 100 872524895937500
    # scanned=84534
    # found=0
    # cleaned=0
    # scan_time=3352



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:59:16 PM, on 8/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 94.232.248.53 spy-wareprotector2009.com
    O1 - Hosts: 94.232.248.53 www.spy-wareprotector2009.com
    O1 - Hosts: 94.232.248.53 secure.spy-wareprotector2009.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8487 bytes

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644


    Download HostsXpert and unzip it to your desktop.

    Open HostsXpert that you earlier unzipped on your desktop.

    • Click "Make Hosts Writable?" in the upper right corner (if available)
    • Click "Restore Microsoft's Original Hosts File" and then click OK
    • Close HostsXpert

    Note: If you used any custom Hosts (e.g. MVPS Hosts), you will have to put them back manually.

    Post back a fresh HijackThis log and tell me if you have any issues left.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
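
The HijackThis log in post #9 contains three O1 hosts-file entries that point spy-wareprotector2009.com names at 94.232.248.53, which the hosts-file reset in post #10 would clear. The following is an added example, not part of the thread or of any tool named in it: a small Python check that pulls the O1 entries out of a HijackThis log and reports every name mapped to an address that is neither loopback nor 0.0.0.0. The function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# O1 lines and two neighbouring lines copied from the HijackThis log in post #9.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.53 spy-wareprotector2009.com
O1 - Hosts: 94.232.248.53 www.spy-wareprotector2009.com
O1 - Hosts: 94.232.248.53 secure.spy-wareprotector2009.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
"""

# HijackThis reports a hosts-file line as "O1 - Hosts: <address> <name> [<name> ...]".
O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(.+?)\s*$")


def parse_o1_hosts(log_text):
    """Return (address, hostname) pairs for every O1 entry in the log (hypothetical helper)."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line)
        if not match:
            continue  # not a hosts-file entry (R0, O2, O4, ...)
        address = match.group(1)
        # A hosts line may carry several names and a trailing "# comment".
        names = match.group(2).split("#", 1)[0].split()
        entries.extend((address, name.lower()) for name in names)
    return entries


def is_local_sink(address):
    """True for loopback or unspecified addresses, as used by the default
    hosts file and by blocking lists such as MVPS Hosts."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not a valid IP: leave it in the report for a human to look at
    return ip.is_loopback or ip.is_unspecified


def suspicious_redirects(log_text):
    """Group hostnames by every address that is not a local sink (hypothetical helper)."""
    flagged = defaultdict(list)
    for address, name in parse_o1_hosts(log_text):
        if not is_local_sink(address):
            flagged[address].append(name)
    return dict(flagged)


if __name__ == "__main__":
    for address, names in suspicious_redirects(SAMPLE_LOG).items():
        print(f"{address} <- {', '.join(names)}")
```

Entries that resolve to 127.0.0.1, ::1 or 0.0.0.0 are treated as benign here, so a custom blocking hosts file does not flood the report; anything else deserves a manual look before the file is reset.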
