Well,
I followed the instructions in the guide. Most of which I could do. The Panda online scan was a no-go unfortunately. In trying to install the Panda components a popup kept coming up asking for a password. Trying to bypass that caused an error in Panda and so it wouldn't scan. I'll post the logs I have and await your further instruction. Oh...THank you!!!!
SUPERAntiSpyware Scan Log
Generated 12/06/2006 at 01:38 AM
Application Version : 3.3.1020
Core Rules Database Version : 3142
Trace Rules Database Version: 1158
Scan type : Complete Scan
Total Scan Time : 00:27:00
Memory items scanned : 475
Memory threats detected : 0
Registry items scanned : 5005
Registry threats detected : 0
File items scanned : 27180
File threats detected : 0
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:53:02 PM 12/5/2006
+ Scan result:
[180] VM_00D60000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[204] VM_00BF0000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[740] VM_00FB0000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
[828] VM_009D0000 -> Downloader.Agent.uj : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:10:34 AM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Desktop Architect\datray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybizR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell4me.com/mywaybizO1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ASP.NET Helper - {42031715-09B2-3B51-A93F-56C308E48F38} - C:\WINDOWS\system\ctlvxd32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\4.0M MPEG4 DV\Console\Watch.exe
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -
https://components.v...vet1/index.htmlO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://download.ewid...oOnlineScan.cabO16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) -
http://24.231.158.230:8888/kxhcm10.ocxO16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) -
http://webeffective....torLauncher.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1162149739082O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) -
http://www.mophun.co...base/mophun.cabO16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) -
http://www.nullsoft....ayx_vp3_mp3.cabO16 - DPF: {E6B72B91-7AC8-42A3-9545-A38C12700F6B} (JamagicCtl Class) -
http://www.clickteam...gic/jamagic.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{546C38AF-3ADB-448A-8025-FBE0D34CBD6A}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E5BB4D-BCCA-4226-BB33-B2142403E63B}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{C60E416F-DAA7-497A-82C5-FF36FDA1AEC6}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E1A534-F6CE-42EC-91BD-863E811291F8}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79
O17 - HKLM\System\CS3\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 85.255.116.122,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.122 85.255.112.79
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Let me know if there are other scans or reports you need from me. As a side note the only Windows update I didn't do at this time was the update/upgrade to IE7. With my questionable connection I didn't feel like waiting for the extra 15 megs!
Thank you in advance again!
SpiderDragon