Member Avatar for alanmc

I have a laptop computer using a tower as a gateway to the internet. I cannot access some websites using any browser. I've tried using IE, Firefox and Netscape. All with the same results. Some examples of websites I can't access are:

http://www.oceanfree.net
http://www.hotmail.com
http://www.medoceanproperties.com
http://www.microsoft.com

I've attached a HijackThis log from the offending machine. If you guys can help me, it'd be great. I've tried various things:

- Clearing the TLS 1.0 and PCT 1.0 flags
- sfc /scannow
- Spybot scan
- Lavasoft AdAware scan

Nothing seems to have made a difference.

Al.

Logfile of HijackThis v1.99.1
Scan saved at 16:06:01, on 11/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Al2\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [\\User-dfaf98d9bd\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P44 "\\User-dfaf98d9bd\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P50 "Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd" /O26 "\\USER-DFAF98D9BD\Printer3" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B889F7C-AD2B-410B-89B1-6FD193054B4F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{A602A185-D747-47A0-AA5E-93449F164EA3}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 2 Contributors
  • 9 Replies
  • 139 Views
  • 3 Weeks Discussion Span
  • Latest Post Latest Post by kylethedarkn
Member Avatar for alanmc

Could somebody have a quick look at my HijackThis trace and point me in the right direction. I'd very much appreciate it. I'm nearing the point where I'm just going to re-install the laptop. A drastic measure, but it'd be an almost guaranteed solution to the problem.

Thanks,
Al.

Member Avatar for kylethedarkn

I dont see anything but try the following.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This in very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido sceen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine It can take awhile give it time.
  • When scan has finished At bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido

Reboot back to normal mode

Post the ewido log here and a new HJT log.

Member Avatar for alanmc

Thanks, I´ll try this tomorrow and repost with the logs.

Al.

Member Avatar for alanmc

OK, so I'm attaching the Ewido log file. I didn't get a chance to do new HijackThis log. Prob won't get to that until Monday.

I really appreciate you taking the time to look at these logs for me.

Al.

LaptopScan140706.txt (19.98 KB)
Member Avatar for kylethedarkn

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.


Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Just do these when you get around to it and dont forget to give me the HJT from AFTER the vundofix.

Member Avatar for alanmc

Sorry about the late reply. Been very busy at work!

Here are the attached logs:

A HijackThis log before CCleaner and vundofix
A CCleaner log
And a HijackThis log afterwards

ANALYSIS COMPLETE - (32.233 secs)
------------------------------------------------------------------------------------------
275.9MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------
Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
IE Temporary Internet Files (430 files) 2.16MB
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@aj.daniweb[1].txt 191 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@daniweb[1].txt 1.05KB
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@google[1].txt 131 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@google[2].txt 130 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@msn[2].txt 102 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@msn[3].txt 101 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@updates.installshield[2].txt 117 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@www.daniweb[2].txt 167 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@www.msn[1].txt 67 bytes
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\desktop.ini 113 bytes
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006013020060206\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006020220060203\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022020060221\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022120060222\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022220060223\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022420060225\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006062620060703\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006070320060710\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006071020060717\index.dat 48.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006071720060718\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006071820060719\index.dat 64.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006072120060722\index.dat 32.00KB
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\mshist012006020220060203\index.dat
Emptied Recycle Bin (16 files) 230.5MB
C:\WINDOWS\TEMP\915M.cat 7.33KB
C:\WINDOWS\TEMP\915M.inf 3.29KB
C:\WINDOWS\TEMP\Cookies\index.dat 32.00KB
C:\WINDOWS\TEMP\Cookies\med ocean properties@mcafee[1].txt 83 bytes
C:\WINDOWS\TEMP\History\History.IE5\desktop.ini 113 bytes
C:\WINDOWS\TEMP\History\History.IE5\index.dat 32.00KB
C:\WINDOWS\TEMP\ich6core.cat 8.03KB
C:\WINDOWS\TEMP\ich6core.inf 4.71KB
C:\WINDOWS\TEMP\ich6ide.cat 7.54KB
C:\WINDOWS\TEMP\ich6ide.inf 3.64KB
C:\WINDOWS\TEMP\ich6usb.cat 9.05KB
C:\WINDOWS\TEMP\ich6usb.inf 3.80KB
C:\WINDOWS\TEMP\mcu10.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu10.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu10.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu10.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\agentins.cab 73.96KB
C:\WINDOWS\TEMP\mcu10E.tmp\agentins.inf 662 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\agentins.ui 74.22KB
C:\WINDOWS\TEMP\mcu10E.tmp\AgentVer.ini 7.53KB
C:\WINDOWS\TEMP\mcu10E.tmp\AgntIcfg.ini 797 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu10E.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu10E.tmp\mcuninst.dll 0.11MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\en-gb\com\mpscfg.cab 1.36MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\mpsmain.cab 0.44MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\mpsmon.cab 0.13MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\winnt\mps.cab 0.13MB
C:\WINDOWS\TEMP\mcu10E.tmp\mpscfg.ini 614 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\mpsins.cab 102.08KB
C:\WINDOWS\TEMP\mcu10E.tmp\mpsins.inf 678 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\mpsins.ui 63.14KB
C:\WINDOWS\TEMP\mcu10E.tmp\MpsVer.Ini 3.55KB
C:\WINDOWS\TEMP\mcu10E.tmp\UpdReq.mcaf 987 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\UpdResp.mcaf 1.92KB
C:\WINDOWS\TEMP\mcu11.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu11.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu11.tmp\vso\46934694.upm 45.73KB
C:\WINDOWS\TEMP\mcu11.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu116.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu116.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu116.tmp\UpdReq.mcaf 1.42KB
C:\WINDOWS\TEMP\mcu116.tmp\UpdResp.mcaf 778 bytes
C:\WINDOWS\TEMP\mcu12.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu12.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu12.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu12.tmp\UpdResp.mcaf 781 bytes
C:\WINDOWS\TEMP\mcu121.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu121.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu121.tmp\vso\47394740.upm 15.58KB
C:\WINDOWS\TEMP\mcu121.tmp\vso\mcdelta.ini 996 bytes
C:\WINDOWS\TEMP\mcu12F.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu12F.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu12F.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu12F.tmp\UpdResp.mcaf 781 bytes
C:\WINDOWS\TEMP\mcu13.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu13.tmp\UpdResp.mcaf 954 bytes
C:\WINDOWS\TEMP\mcu13.tmp\vso\47054706.upm 21.06KB
C:\WINDOWS\TEMP\mcu13.tmp\vso\47064707.upm 28.45KB
C:\WINDOWS\TEMP\mcu13.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu134.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu134.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu134.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu134.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu13A.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu13A.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu13A.tmp\vso\47614762.upm 34.11KB
C:\WINDOWS\TEMP\mcu13A.tmp\vso\mcdelta.ini 996 bytes
C:\WINDOWS\TEMP\mcu14.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu14.tmp\UpdResp.mcaf 1.07KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\47114712.upm 21.38KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\47124713.upm 32.59KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\47134714.upm 24.11KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\mcdelta.ini 992 bytes
C:\WINDOWS\TEMP\mcu15.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu15.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu15.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu15.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu16.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu16.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu16.tmp\vso\47244725.upm 24.79KB
C:\WINDOWS\TEMP\mcu16.tmp\vso\mcdelta.ini 993 bytes
C:\WINDOWS\TEMP\mcu17.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu17.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu17.tmp\vso\47254726.upm 21.43KB
C:\WINDOWS\TEMP\mcu17.tmp\vso\mcdelta.ini 993 bytes
C:\WINDOWS\TEMP\mcu18.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu18.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu18.tmp\vso\46914692.upm 54.84KB
C:\WINDOWS\TEMP\mcu18.tmp\vso\mcdelta.ini 994 bytes
C:\WINDOWS\TEMP\mcu19.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu19.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu19.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu19.tmp\UpdResp.mcaf 781 bytes
C:\WINDOWS\TEMP\mcu19C.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu19C.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu19C.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu19C.tmp\UpdResp.mcaf 776 bytes
C:\WINDOWS\TEMP\mcu1A.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1A.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu1A.tmp\vso\47164717.upm 27.26KB
C:\WINDOWS\TEMP\mcu1A.tmp\vso\mcdelta.ini 993 bytes
C:\WINDOWS\TEMP\mcu1A1.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1A1.tmp\UpdResp.mcaf 1.07KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\47074708.upm 23.64KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\47084709.upm 39.02KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\47094710.upm 47.35KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\mcdelta.ini 994 bytes
C:\WINDOWS\TEMP\mcu1B.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu1B.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu1B.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu1B.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu1C.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1C.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu1C.tmp\vso\47304731.upm 3.88KB
C:\WINDOWS\TEMP\mcu1C.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu1D.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1D.tmp\UpdResp.mcaf 954 bytes
C:\WINDOWS\TEMP\mcu1D.tmp\vso\46994700.upm 23.02KB
C:\WINDOWS\TEMP\mcu1D.tmp\vso\47004701.upm 43.96KB
C:\WINDOWS\TEMP\mcu1D.tmp\vso\mcdelta.ini 996 bytes
C:\WINDOWS\TEMP\mcu1E.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu1E.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu1E.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu1E.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu1F.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1F.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu1F.tmp\vso\47284729.upm 24.73KB
C:\WINDOWS\TEMP\mcu1F.tmp\vso\mcdelta.ini 994 bytes
C:\WINDOWS\TEMP\mcu20.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu20.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu20.tmp\vso\47014702.upm 39.24KB
C:\WINDOWS\TEMP\mcu20.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu21.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu21.tmp\UpdResp.mcaf 954 bytes
C:\WINDOWS\TEMP\mcu21.tmp\vso\47144715.upm 25.19KB
C:\WINDOWS\TEMP\mcu21.tmp\vso\47154716.upm 521 bytes
C:\WINDOWS\TEMP\mcu21.tmp\vso\mcdelta.ini 992 bytes
C:\WINDOWS\TEMP\mcu22.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu22.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu22.tmp\
Logfile of HijackThis v1.99.1
Scan saved at 18:33:09, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Al2\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [\\User-dfaf98d9bd\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P44 "\\User-dfaf98d9bd\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P50 "Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd" /O26 "\\USER-DFAF98D9BD\Printer3" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B889F7C-AD2B-410B-89B1-6FD193054B4F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{A602A185-D747-47A0-AA5E-93449F164EA3}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:58:42, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Al2\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [\\User-dfaf98d9bd\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P44 "\\User-dfaf98d9bd\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P50 "Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd" /O26 "\\USER-DFAF98D9BD\Printer3" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B889F7C-AD2B-410B-89B1-6FD193054B4F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{A602A185-D747-47A0-AA5E-93449F164EA3}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Member Avatar for kylethedarkn

For some reason both logs are about 7 lines long and go -----> instead of
down. You could just copy and paste the logs into this box where you type replies.

Member Avatar for alanmc

Adding the attachments again. The log files were saved in Unix format (using LF at the end of the line instead of the Windows CR/LF). Anyway should be readable now.

Al

ANALYSIS COMPLETE - (32.233 secs)
------------------------------------------------------------------------------------------
275.9MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------
Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
IE Temporary Internet Files (430 files) 2.16MB
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@aj.daniweb[1].txt 191 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@daniweb[1].txt 1.05KB
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@google[1].txt 131 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@google[2].txt 130 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@msn[2].txt 102 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@msn[3].txt 101 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@updates.installshield[2].txt 117 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@www.daniweb[2].txt 167 bytes
C:\Documents and Settings\Med Ocean Properties\Cookies\med ocean properties@www.msn[1].txt 67 bytes
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\desktop.ini 113 bytes
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006013020060206\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006020220060203\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022020060221\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022120060222\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022220060223\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006022420060225\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006062620060703\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006070320060710\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006071020060717\index.dat 48.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006071720060718\index.dat 32.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006071820060719\index.dat 64.00KB
C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\MSHist012006072120060722\index.dat 32.00KB
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\index.dat
Marked for deletion: C:\Documents and Settings\Med Ocean Properties\Local Settings\History\History.IE5\mshist012006020220060203\index.dat
Emptied Recycle Bin (16 files) 230.5MB
C:\WINDOWS\TEMP\915M.cat 7.33KB
C:\WINDOWS\TEMP\915M.inf 3.29KB
C:\WINDOWS\TEMP\Cookies\index.dat 32.00KB
C:\WINDOWS\TEMP\Cookies\med ocean properties@mcafee[1].txt 83 bytes
C:\WINDOWS\TEMP\History\History.IE5\desktop.ini 113 bytes
C:\WINDOWS\TEMP\History\History.IE5\index.dat 32.00KB
C:\WINDOWS\TEMP\ich6core.cat 8.03KB
C:\WINDOWS\TEMP\ich6core.inf 4.71KB
C:\WINDOWS\TEMP\ich6ide.cat 7.54KB
C:\WINDOWS\TEMP\ich6ide.inf 3.64KB
C:\WINDOWS\TEMP\ich6usb.cat 9.05KB
C:\WINDOWS\TEMP\ich6usb.inf 3.80KB
C:\WINDOWS\TEMP\mcu10.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu10.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu10.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu10.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\agentins.cab 73.96KB
C:\WINDOWS\TEMP\mcu10E.tmp\agentins.inf 662 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\agentins.ui 74.22KB
C:\WINDOWS\TEMP\mcu10E.tmp\AgentVer.ini 7.53KB
C:\WINDOWS\TEMP\mcu10E.tmp\AgntIcfg.ini 797 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu10E.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu10E.tmp\mcuninst.dll 0.11MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\en-gb\com\mpscfg.cab 1.36MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\mpsmain.cab 0.44MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\mpsmon.cab 0.13MB
C:\WINDOWS\TEMP\mcu10E.tmp\mps\winnt\mps.cab 0.13MB
C:\WINDOWS\TEMP\mcu10E.tmp\mpscfg.ini 614 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\mpsins.cab 102.08KB
C:\WINDOWS\TEMP\mcu10E.tmp\mpsins.inf 678 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\mpsins.ui 63.14KB
C:\WINDOWS\TEMP\mcu10E.tmp\MpsVer.Ini 3.55KB
C:\WINDOWS\TEMP\mcu10E.tmp\UpdReq.mcaf 987 bytes
C:\WINDOWS\TEMP\mcu10E.tmp\UpdResp.mcaf 1.92KB
C:\WINDOWS\TEMP\mcu11.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu11.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu11.tmp\vso\46934694.upm 45.73KB
C:\WINDOWS\TEMP\mcu11.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu116.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu116.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu116.tmp\UpdReq.mcaf 1.42KB
C:\WINDOWS\TEMP\mcu116.tmp\UpdResp.mcaf 778 bytes
C:\WINDOWS\TEMP\mcu12.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu12.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu12.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu12.tmp\UpdResp.mcaf 781 bytes
C:\WINDOWS\TEMP\mcu121.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu121.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu121.tmp\vso\47394740.upm 15.58KB
C:\WINDOWS\TEMP\mcu121.tmp\vso\mcdelta.ini 996 bytes
C:\WINDOWS\TEMP\mcu12F.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu12F.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu12F.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu12F.tmp\UpdResp.mcaf 781 bytes
C:\WINDOWS\TEMP\mcu13.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu13.tmp\UpdResp.mcaf 954 bytes
C:\WINDOWS\TEMP\mcu13.tmp\vso\47054706.upm 21.06KB
C:\WINDOWS\TEMP\mcu13.tmp\vso\47064707.upm 28.45KB
C:\WINDOWS\TEMP\mcu13.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu134.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu134.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu134.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu134.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu13A.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu13A.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu13A.tmp\vso\47614762.upm 34.11KB
C:\WINDOWS\TEMP\mcu13A.tmp\vso\mcdelta.ini 996 bytes
C:\WINDOWS\TEMP\mcu14.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu14.tmp\UpdResp.mcaf 1.07KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\47114712.upm 21.38KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\47124713.upm 32.59KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\47134714.upm 24.11KB
C:\WINDOWS\TEMP\mcu14.tmp\vso\mcdelta.ini 992 bytes
C:\WINDOWS\TEMP\mcu15.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu15.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu15.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu15.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu16.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu16.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu16.tmp\vso\47244725.upm 24.79KB
C:\WINDOWS\TEMP\mcu16.tmp\vso\mcdelta.ini 993 bytes
C:\WINDOWS\TEMP\mcu17.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu17.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu17.tmp\vso\47254726.upm 21.43KB
C:\WINDOWS\TEMP\mcu17.tmp\vso\mcdelta.ini 993 bytes
C:\WINDOWS\TEMP\mcu18.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu18.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu18.tmp\vso\46914692.upm 54.84KB
C:\WINDOWS\TEMP\mcu18.tmp\vso\mcdelta.ini 994 bytes
C:\WINDOWS\TEMP\mcu19.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu19.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu19.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu19.tmp\UpdResp.mcaf 781 bytes
C:\WINDOWS\TEMP\mcu19C.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu19C.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu19C.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu19C.tmp\UpdResp.mcaf 776 bytes
C:\WINDOWS\TEMP\mcu1A.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1A.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu1A.tmp\vso\47164717.upm 27.26KB
C:\WINDOWS\TEMP\mcu1A.tmp\vso\mcdelta.ini 993 bytes
C:\WINDOWS\TEMP\mcu1A1.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1A1.tmp\UpdResp.mcaf 1.07KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\47074708.upm 23.64KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\47084709.upm 39.02KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\47094710.upm 47.35KB
C:\WINDOWS\TEMP\mcu1A1.tmp\vso\mcdelta.ini 994 bytes
C:\WINDOWS\TEMP\mcu1B.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu1B.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu1B.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu1B.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu1C.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1C.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu1C.tmp\vso\47304731.upm 3.88KB
C:\WINDOWS\TEMP\mcu1C.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu1D.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1D.tmp\UpdResp.mcaf 954 bytes
C:\WINDOWS\TEMP\mcu1D.tmp\vso\46994700.upm 23.02KB
C:\WINDOWS\TEMP\mcu1D.tmp\vso\47004701.upm 43.96KB
C:\WINDOWS\TEMP\mcu1D.tmp\vso\mcdelta.ini 996 bytes
C:\WINDOWS\TEMP\mcu1E.tmp\McAppIns.exe 0.13MB
C:\WINDOWS\TEMP\mcu1E.tmp\mcinsres.dll 32.50KB
C:\WINDOWS\TEMP\mcu1E.tmp\UpdReq.mcaf 1.45KB
C:\WINDOWS\TEMP\mcu1E.tmp\UpdResp.mcaf 779 bytes
C:\WINDOWS\TEMP\mcu1F.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu1F.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu1F.tmp\vso\47284729.upm 24.73KB
C:\WINDOWS\TEMP\mcu1F.tmp\vso\mcdelta.ini 994 bytes
C:\WINDOWS\TEMP\mcu20.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu20.tmp\UpdResp.mcaf 815 bytes
C:\WINDOWS\TEMP\mcu20.tmp\vso\47014702.upm 39.24KB
C:\WINDOWS\TEMP\mcu20.tmp\vso\mcdelta.ini 995 bytes
C:\WINDOWS\TEMP\mcu21.tmp\UpdReq.mcaf 1.75KB
C:\WINDOWS\TEMP\mcu21.tmp\UpdResp.mcaf 954 bytes
C:\WINDOWS\TEMP\mcu21.tmp\vso\47144715.upm 25.19KB
C:\WINDOWS\TEMP\mcu21.tmp\vso\47154716.upm 521 bytes
C
Logfile of HijackThis v1.99.1
Scan saved at 18:33:09, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Al2\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [\\User-dfaf98d9bd\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P44 "\\User-dfaf98d9bd\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P50 "Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd" /O26 "\\USER-DFAF98D9BD\Printer3" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B889F7C-AD2B-410B-89B1-6FD193054B4F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{A602A185-D747-47A0-AA5E-93449F164EA3}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:58:42, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Al2\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [\\User-dfaf98d9bd\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P44 "\\User-dfaf98d9bd\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P50 "Auto EPSON Stylus CX3600 Series on User-dfaf98d9bd" /O26 "\\USER-DFAF98D9BD\Printer3" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B889F7C-AD2B-410B-89B1-6FD193054B4F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{A602A185-D747-47A0-AA5E-93449F164EA3}: NameServer = 80.58.61.250,80.58.61.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Member Avatar for kylethedarkn

Well ive found a suspicious file that I want you to scan. The file is smss.exe. Usually this file is a normal system file but it is usually located in the system32 folder yours however is running form the system folder. This usually means its not the real thing so lets scan it.

Go to Jotti's and upload and scan the following file.
C:\WINDOWS\system\smss.exe


If the scan finds something malicious then do the folllowing.
Run HJT and check the following.
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
Close all other windows and click fix checked.

Now Reboot to safe mode and delete the following file.
C:\WINDOWS\system\smss.exe

Reboot back to normal and post a new HJT log.

If the scan comes back clean let me know.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.