I think it started with "cannot find 5.tmp" and command service . . .

[stretch]

Spybot cleaned up command service in safe mode. Now I have SurfSideKick, uaw5wah6a and who knows what else. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:00:42 PM, on 1/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\system32\drivers\disdn\ntemp1\msbot\mirc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ujtnzbw.exe
C:\WINDOWS\System32\ovauma1ep.exe
C:\WINDOWS\System32\svcchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mnew1winc4.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\pi2pl.exe
C:\WINDOWS\System32\vypqj.exe
C:\WINDOWS\System32\uaw5wah6a.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\5.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\5.tmp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\System32\lqe2z.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UFD Monitor9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
O4 - HKLM\..\Run: [UFD Utility9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Management Service] C:\WINDOWS\system32\5.tmp
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [pVRV3eP] C:\WINDOWS\System32\ujtnzbw.exe
O4 - HKLM\..\Run: [sfpJk] "C:\WINDOWS\System32\ovauma1ep.exe"
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ms04237286092] C:\WINDOWS\ms04237286092.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe
O4 - HKCU\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Win32 Security Protocol] secure32.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [lrtsm] C:\WINDOWS\system32\qttsk.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D10E62CC-743A-4056-BCF6-3E7E1A46B3D9}: NameServer = 165.87.13.129,165.87.201.244
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\System32\lqe2z.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\mujet35.dll (file missing)
O20 - Winlogon Notify: WLogon - srvc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Windows Update Manager (MSPool) - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\5.tmp (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINDOWS\system\winlogon.exe (file missing)

Panda Online Scan - next page

[stretch]

Panda Online Scan
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\DxcCore.dll
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\DxcBho.dll
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\System32\dxclib303562752.dll
Spyware:spyware/marketscore Not disinfected c:\windows\system32\rk.bin
Adware:adware/mirar Not disinfected c:\windows\system32\WinNB58.dll
Adware:adware program Not disinfected c:\winupdate.exe
Adware:adware/wintools Not disinfected Windows Registry
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\B L Foley\Local Settings\Temp\98E9.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\B L Foley\Local Settings\Temp\B7A1.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\B L Foley\Local Settings\Temp\C288.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\B L Foley\Local Settings\Temporary Internet Files\Content.IE5\OHYNGXY3\s2.5[1].exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\LocalService\Cookies\system@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\LocalService\Cookies\system@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\LocalService\Cookies\system@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\LocalService\Cookies\system@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\LocalService\Cookies\system@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\LocalService\Cookies\system@fortunecity[2].txt
Spyware:Cookie/Diglnk Not disinfected C:\Documents and Settings\LocalService\Cookies\system@mbop[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\LocalService\Cookies\system@qksrv[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\LocalService\Cookies\system@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\LocalService\Cookies\system@stats.drivecleaner[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\LocalService\Cookies\system@trafficmp[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\LocalService\Cookies\system@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\LocalService\Cookies\system@www.errorsafe[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt

[stretch]

Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\Dxc.exe
Adware:Adware/Mirar Not disinfected C:\WINDOWS\876056.exe
Spyware:Spyware/7r7t Not disinfected C:\WINDOWS\srvrspofpo.exe
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPABW9QF\8[1].cab
Adware:Adware/WinAD Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KPABW9QF\bridge-c267[1].cab[MediaAccX.dll]
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\1B66.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\313.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\3879.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\4F88.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\5DE6.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\6112.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\61D9.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\6A4.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\881B.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\8DB4.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\8F8E.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\9470.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\A8CF.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\AD87.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\AF26.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\B8D1.tmp
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\CE24.tmp
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Temp\cmdinst.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\Temp\D183.tmp
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\Temp\i8.tmp
Adware:Adware/Mirar Not disinfected C:\WINDOWS\Temp\mit26.tmp[NNBar_VCSetup_876056.exe]
Adware:Adware/Mirar Not disinfected C:\WINDOWS\Temp\NNBar_VCSetup_876056.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Temp\Setup100.exe[Sos28.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Temp\Setup100.exe[TagASaurus.exe]
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\Temp\wgfqof.htm
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TSBTIEZvbGV5\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TSBTIEZvbGV5\command.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TSBTIEZvbGV5\nm1nKHtSv3pc.vbs

[tashi]

Hello and sorry for the wait.

If you have not resolved the problem, we do have this sticky topic:

If you have waited four days for advice post here.

[little eagle]

Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\5.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\5.tmp
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\System32\lqe2z.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Management Service] C:\WINDOWS\system32\5.tmp
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\Run: [Win32 Security Protocol] secure32.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [lrtsm] C:\WINDOWS\system32\qttsk.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\System32\lqe2z.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\mujet35.dll (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\5.tmp (file missing)

Reboot in safe mode, instructions here.
Some of these files my have hidden atributes.
Click Here Should you need instructions for Showing hidden files and folders in Windows.
Once in safe mode, Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the first file right click then select delete.

Delete the following file(s) listed in bold.
C:\WINDOWS\System32\lqe2z.dll
C:\WINDOWS\system32\5.tmp
svcchost.exe
C:\WINDOWS\cfg32.exe
MSPRCSS32.exe
secure32.exe
C:\WINDOWS\system32\qttsk.exe
C:\WINDOWS\System32\urdvxc.exe


Delete the following folder(s) listed in bold.

C:\Program Files\DeluxeCommunications


If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.
Post back a fresh HijackThis log and we will take another look.

[stretch]

Logfile of HijackThis v1.99.1
Scan saved at 5:55:36 PM, on 1/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\srvany.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\drivers\disdn\ntemp1\msbot\mirc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ujtnzbw.exe
C:\WINDOWS\System32\ovauma1ep.exe
C:\WINDOWS\System32\pi2pl.exe
C:\WINDOWS\System32\vypqj.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\uaw5wah6a.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mnew1winc4.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\System32\lqe2z.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UFD Monitor9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
O4 - HKLM\..\Run: [UFD Utility9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [pVRV3eP] C:\WINDOWS\System32\ujtnzbw.exe
O4 - HKLM\..\Run: [sfpJk] "C:\WINDOWS\System32\ovauma1ep.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ms04237286092] C:\WINDOWS\ms04237286092.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D10E62CC-743A-4056-BCF6-3E7E1A46B3D9}: NameServer = 165.87.13.129,165.87.201.244
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\System32\lqe2z.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WLogon - srvc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Windows Update Manager (MSPool) - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\5.tmp (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINDOWS\system\winlogon.exe (file missing)

Could not find:
c:\windows\system32\5.tmp
c:\windows\system32\qttsk.exe
c:\windows\cfg32.exe
c:\windows\msprcss32.exe
c:\windows\secure32.exe

Pocket Killbox said: PendingFileRenameOperations Registry Data has been Removed by External Process

Found, but could not delete either the folder or its contents:
C:\Program Files\DeluxeCommunications

Thank you again.

[little eagle]

Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
The Avenger must be run from a user account with administrator privileges,
and ONLY works on Windows 2000 and XP, and only on 32-bit versions!

Copy all the text contained in the code box below to your Clipboard.

Quote:

Files to delete:
c:\windows\system32\5.tmp
c:\windows\system32\qttsk.exe
c:\windows\cfg32.exe
c:\windows\msprcss32.exe
c:\windows\secure32.exe
Folders to delete:
C:\Program Files\DeluxeCommunications

The above script is for this user only, if you need help please start your own thread.

Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text in into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer shoud reboot, and briefly open a black command window on your desktop, this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of the file into your reply along with a fresh HJT log.

[stretch]

Logfile of HijackThis v1.99.1
Scan saved at 9:41:04 PM, on 1/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\system32\drivers\disdn\ntemp1\msbot\mirc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\ujtnzbw.exe
C:\WINDOWS\System32\ovauma1ep.exe
C:\WINDOWS\System32\vypqj.exe
C:\WINDOWS\System32\uaw5wah6a.exe
C:\WINDOWS\System32\pi2pl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mnew1winc4.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\AT&T Global Network Client\NetClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Glwcick Class - {BDF4E4DF-B6BB-4ECE-8CD9-1880DEC7B82F} - C:\WINDOWS\System32\lqe2z.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [UFD Monitor9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\ufdlmon.exe
O4 - HKLM\..\Run: [UFD Utility9382] C:\Program Files\USB FlashDisk\UFD Utility 2003\UFDTool.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [pVRV3eP] C:\WINDOWS\System32\ujtnzbw.exe
O4 - HKLM\..\Run: [sfpJk] "C:\WINDOWS\System32\ovauma1ep.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ms04237286092] C:\WINDOWS\ms04237286092.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D10E62CC-743A-4056-BCF6-3E7E1A46B3D9}: NameServer = 165.87.13.129,165.87.201.244
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {8660A526-27A4-4FBD-85B2-857E82A25971} - C:\WINDOWS\System32\lqe2z.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WLogon - srvc.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Windows Update Manager (MSPool) - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\5.tmp (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINDOWS\system\winlogon.exe (file missing)



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kdxsspot

*******************

Script file located at: \??\C:\WINDOWS\hpbcamia.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File c:\windows\system32\5.tmp not found!
Deletion of file c:\windows\system32\5.tmp failed!

Could not process line:
c:\windows\system32\5.tmp
Status: 0xc0000034



File c:\windows\system32\qttsk.exe not found!
Deletion of file c:\windows\system32\qttsk.exe failed!

Could not process line:
c:\windows\system32\qttsk.exe
Status: 0xc0000034



File c:\windows\cfg32.exe not found!
Deletion of file c:\windows\cfg32.exe failed!

Could not process line:
c:\windows\cfg32.exe
Status: 0xc0000034



File c:\windows\msprcss32.exe not found!
Deletion of file c:\windows\msprcss32.exe failed!

Could not process line:
c:\windows\msprcss32.exe
Status: 0xc0000034



File c:\windows\secure32.exe not found!
Deletion of file c:\windows\secure32.exe failed!

Could not process line:
c:\windows\secure32.exe
Status: 0xc0000034

Folder C:\Program Files\DeluxeCommunications deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[little eagle]

Download and install AVG Anti-Spyware (ewido). Then scan and post the report here.
Instructions and download link can be found here.

[stretch]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:08:06 AM 1/16/2007

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : No action taken.
HKU\S-1-5-21-2134027135-2675126224-1450196635-1006\Software\DeluxeCommunications -> Adware.DeluxeCommunications : No action taken.
HKU\S-1-5-21-2134027135-2675126224-1450196635-1006\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : No action taken.
HKU\S-1-5-21-2134027135-2675126224-1450196635-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : No action taken.
C:\!KillBox\deluxecommunications\Dxc.exe -> Adware.SurfSide : No action taken.
C:\!KillBox\deluxecommunications\DxcBho.dll -> Adware.SurfSide : No action taken.
C:\!KillBox\deluxecommunications\DxcCore.dll -> Adware.SurfSide : No action taken.
C:\WINDOWS\SYSTEM32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
C:\avenger\DeluxeCommunications\Dxc.exe -> Adware.SurfSide : No action taken.
C:\avenger\DeluxeCommunications\DxcBho.dll -> Adware.SurfSide : No action taken.
C:\avenger\DeluxeCommunications\DxcCore.dll -> Adware.SurfSide : No action taken.
[1032] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1040] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1088] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1200] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1208] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1268] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1292] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1364] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1396] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1492] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1508] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1528] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1544] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1588] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1632] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1656] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1704] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1736] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1748] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1796] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1800] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1816] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[1940] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2004] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2084] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2172] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2204] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2232] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2288] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2304] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2392] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2428] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2444] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2452] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2460] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2508] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2560] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2676] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2776] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[2884] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[3140] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[620] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[788] C:\WINDOWS\System32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[836] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[848] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.


::Report end