hijackthis log - Moved...


Bumpus
01-22-2007, 10:25 AM
Posted in wrong section, please move!

My PC has been acting strange here lately, screen flashing...it's just hard to explain. I have 4 users on this PC and keeping "Crap" off the PC is a full time job. I have an antivirus updating and scanning nightly and a firewall set up. If someone could take a look at my log file I would appreciate it.

Thanks, Bumpus

Logfile of HijackThis v1.98.2
Scan saved at 10:20:09 AM, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Deerfield.com\DNS2Go\DNS2GoClient.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\ACDSYS~1\ACDSEE~1\ACDSee.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logon.scr
J:\Apps\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061211
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
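Added here as an editor's example, not part of the original thread or of HijackThis itself: a small Python parser for HijackThis-style log lines that pulls out the section code, description, CLSID and target path, then attaches the review flags a log reader checks first (targets that point at nothing on disk, unnamed entries, a MIME filter with no CLSID, bare file names in Run keys, ActiveX downloads). The sample input is a handful of lines excerpted from the log posted above; the flag names and the Entry layout are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

LINE_RE = re.compile(r"^(?P<code>R[0-3]|O\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SETTING_RE = re.compile(r"^(?P<key>[^=]+?) = (?P<target>.*)$")  # R0/R1 lines
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
STARTUP_RE = re.compile(r"^(?P<kind>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<target>.*)$")
MISSING = ("(file missing)", "(no file)")


@dataclass
class Entry:
    code: str                # HijackThis section, e.g. "O4"
    kind: str                # e.g. "BHO", "HKLM Run", "Global Startup"
    name: str
    clsid: Optional[str]
    target: str              # file, URL or setting value the entry points at
    flags: List[str] = field(default_factory=list)


def flag(e: Entry) -> Entry:
    """Attach the review flags a log reader checks before anything else."""
    if e.target == "?" or any(mk in e.target for mk in MISSING):
        e.flags.append("target-missing")      # entry points at nothing on disk
    if e.name == "(no name)":
        e.flags.append("unnamed")             # no display name: identify by CLSID/path
    if e.kind == "Filter" and e.clsid is None:
        e.flags.append("no-clsid")            # MIME filter registered without a handler
    if e.code == "O4" and "target-missing" not in e.flags and "\\" not in e.target:
        e.flags.append("unqualified-path")    # bare file name resolved via search path
    if e.code == "O16":
        e.flags.append("activex-download")    # ActiveX control pulled from a URL
    return e


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    cm = CLSID_RE.search(rest)
    clsid = cm.group(0) if cm else None
    rm, sm, dm = RUN_RE.match(rest), STARTUP_RE.match(rest), DPF_RE.match(rest)
    if code.startswith("R"):
        km = SETTING_RE.match(rest)
        kind = "IE setting"
        name, target = (km.group("key"), km.group("target")) if km else (rest, "")
    elif rm:
        kind, name, target = rm.group("hive") + " Run", rm.group("name"), rm.group("target")
    elif sm:
        kind, name, target = sm.group("kind"), sm.group("name"), sm.group("target")
    elif dm:
        kind, name, target = "DPF", dm.group("name"), dm.group("target")
    else:
        # Generic "Kind: Name - {CLSID} - target" layout (O2, O9, O18, O21, ...).
        kind, _, remainder = rest.partition(": ")
        if clsid:
            before, _, after = remainder.partition(clsid)
            name, target = before.strip(" -"), after.strip(" -")
        else:
            parts = [p.strip() for p in remainder.split(" - ")]
            name, target = parts[0], (parts[-1] if len(parts) > 1 else "")
    return flag(Entry(code, kind, name, clsid, target))


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def review_queue(entries: List[Entry]) -> List[Entry]:
    """Entries with at least one flag: the ones to look up by CLSID or path first."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in review_queue(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4}{e.kind:<16}{e.name:<22}{', '.join(e.flags):<28}{e.target}")
```

A flag is a prompt to look the entry up, not a verdict: the unnamed O2 entry in this log is Spybot's SDHelper.dll, which is expected to register without a display name.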

Budfred
01-22-2007, 07:50 PM
Your log seems to be okay, but you seem to have left off part of the log... Please post a complete log... If you don't see any other material in the log, post this log instead...

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

Bumpus
01-23-2007, 08:24 AM
Thanks for looking at my post. Here is the combofix log file. Part 1 of 2

"kward" - 07-01-23 8:09:33 Service Pack 2
ComboFix 07-01-23.2 - Running from: "C:\Documents and Settings\kward\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-23 to 2007-01-23 ))))))))))))))))))))))))))))))))))


2007-01-21 21:00 <DIR> d-------- C:\MSN Games
2007-01-21 20:04 <DIR> d-------- C:\Yahoo! Games
2007-01-21 20:04 <DIR> d-------- C:\DOCUME~1\Emily\Application Data\Wildfire
2007-01-21 20:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-01-20 12:20 <DIR> d-------- C:\Program Files\Full Tilt Poker
2007-01-18 20:02 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-01-18 20:02 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-01-18 20:02 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-01-18 20:02 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-01-18 20:02 <DIR> d-------- C:\Program Files\Symantec
2007-01-18 20:02 <DIR> d-------- C:\DOCUME~1\kward\Application Data\Symantec
2007-01-18 18:05 <DIR> d-------- C:\Program Files\Western Digital
2007-01-17 20:22 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-01-17 20:22 94,208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2007-01-17 20:22 70,798 --------- C:\WINDOWS\system32\drivers\lmouflt2.sys
2007-01-17 20:22 51,486 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2007-01-17 20:22 37,884 --------- C:\WINDOWS\system32\drivers\Lhidusb.sys
2007-01-17 20:22 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-01-17 20:22 25,502 --------- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
2007-01-17 20:22 23,372 --------- C:\WINDOWS\system32\LCOINST.DLL
2007-01-17 20:22 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2007-01-17 20:22 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-01-17 20:22 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
2007-01-17 20:22 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2007-01-17 20:22 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-01-17 20:22 12,953 --------- C:\WINDOWS\system32\drivers\itchfltr.sys
2007-01-17 20:22 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-01-17 20:22 <DIR> d-------- C:\Program Files\Logitech
2007-01-17 20:22 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-01-17 20:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-17 20:18 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-01-16 17:55 <DIR> d-------- C:\DOCUME~1\Emily\AIMPro
2007-01-16 13:25 <DIR> d-------- C:\DOCUME~1\Emily\Application Data\MySpace
2007-01-15 19:41 <DIR> d-------- C:\DOCUME~1\Sara\Application Data\MySpace
2007-01-13 10:06 <DIR> d-------- C:\DOCUME~1\Charlie\Application Data\DivX
2007-01-13 06:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-12 18:26 <DIR> d-------- C:\DOCUME~1\Charlie\Application Data\Adobe
2007-01-12 11:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-12 10:15 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-01-07 14:29 <DIR> d-------- C:\Program Files\MySpace
2007-01-07 14:29 <DIR> d-------- C:\DOCUME~1\Charlie\Application Data\MySpace
2006-12-31 22:45 <DIR> d-------- C:\DOCUME~1\kward\Application Data\Sun
2006-12-31 22:27 <DIR> d-------- C:\My Games
2006-12-31 22:27 <DIR> d-------- C:\My Download Files
2006-12-31 22:26 774,144 --a------ C:\Program Files\RngInterstitial.dll
2006-12-31 12:37 <DIR> d-------- C:\DOCUME~1\Sara\Application Data\Sun
2006-12-30 17:00 <DIR> d-------- C:\WINDOWS\Sun
2006-12-30 17:00 <DIR> d-------- C:\DOCUME~1\Charlie\Application Data\Sun
2006-12-25 21:50 <DIR> d-------- C:\Program Files\Fighter Ace


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-21 12:41 -------- d-------- C:\Program Files\pokerstars
2007-01-20 12:20 -------- d--h----- C:\Program Files\installshield installation information
2007-01-19 22:36 -------- d-------- C:\Program Files\dell
2007-01-18 20:02 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-17 22:14 -------- d-------- C:\Program Files\Common Files\sonic shared
2006-12-31 22:26 -------- d-------- C:\Program Files\real
2006-12-21 20:27 -------- d-------- C:\Program Files\kazaa
2006-12-21 18:58 -------- d-------- C:\Program Files\ares
2006-12-21 18:30 10 --a------ C:\WINDOWS\smdat32m.sys
2006-12-20 19:18 -------- d---s---- C:\DOCUME~1\kward\Application Data\microsoft
2006-12-20 15:37 -------- d-------- C:\Program Files\need2find
2006-12-19 17:50 -------- d-------- C:\DOCUME~1\kward\Application Data\adobeum
2006-12-17 15:41 -------- d-------- C:\Program Files\world of warcraft
2006-12-16 22:57 3072 --a------ C:\DOCUME~1\kward\Application Data\dvd.bmk
2006-12-16 22:49 -------- d-------- C:\DOCUME~1\kward\Application Data\divx
2006-12-16 21:47 -------- d-------- C:\DOCUME~1\kward\Application Data\adobe
2006-12-16 21:15 2508 --a------ C:\DOCUME~1\kward\Application Data\$_hpcst$.hpc
2006-12-16 21:14 -------- d-------- C:\Program Files\microsoft activesync
2006-12-15 23:43 -------- d-------- C:\DOCUME~1\kward\Application Data\camfrog
2006-12-15 23:38 -------- d-------- C:\Program Files\camfrog
2006-12-15 23:31 -------- d-------- C:\Program Files\creative
2006-12-15 23:30 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-15 20:42 -------- d-------- C:\Program Files\Common Files\blizzard entertainment
2006-12-15 20:04 -------- d-------- C:\Program Files\warcraft iii
2006-12-15 19:54 2829 --a------ C:\WINDOWS\war3unin.pif
2006-12-15 19:54 139264 --a------ C:\WINDOWS\war3unin.exe
2006-12-15 06:55 -------- d-------- C:\Program Files\windows media connect 2
2006-12-14 23:52 -------- d-------- C:\Program Files\msxml 4.0
2006-12-14 23:42 -------- d-------- C:\DOCUME~1\kward\Application Data\macromedia
2006-12-14 23:14 -------- d-------- C:\DOCUME~1\kward\Application Data\sonic
2006-12-14 23:11 -------- d-------- C:\DOCUME~1\kward\Application Data\leadertech
2006-12-14 23:09 -------- d-------- C:\Program Files\microsoft works
2006-12-14 23:08 -------- d-------- C:\Program Files\Common Files\aol
2006-12-14 23:02 -------- d-------- C:\Program Files\divx
2006-12-14 22:07 -------- d-------- C:\Program Files\google
2006-12-14 20:10 -------- d-------- C:\Program Files\ea games
2006-12-14 20:04 -------- d-------- C:\Program Files\winamp
2006-12-14 19:53 -------- d-------- C:\Program Files\hewlett-packard
2006-12-14 19:51 -------- d-------- C:\Program Files\hp
2006-12-14 19:46 -------- d-------- C:\Program Files\microsoft.net
2006-12-14 19:36 -------- d-------- C:\Program Files\snapshot viewer
2006-12-14 19:33 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-14 19:33 -------- d-------- C:\DOCUME~1\kward\Application Data\microsoft web folders
2006-12-14 19:23 -------- d-------- C:\Program Files\iphoto plus 4
2006-12-14 19:21 -------- d-------- C:\Program Files\dell network assistant
2006-12-14 19:19 -------- d-------- C:\Program Files\acro software
2006-12-14 19:18 -------- d-------- C:\Program Files\gnugs
2006-12-14 19:12 -------- d-------- C:\Program Files\realvnc
2006-12-14 19:12 -------- d-------- C:\Program Files\deerfield.com
2006-12-14 19:11 -------- d-------- C:\Program Files\seagate software
2006-12-14 19:11 -------- d-------- C:\Program Files\mapinfo mapx
2006-12-14 19:09 -------- d-------- C:\DOCUME~1\kward\Application Data\acccore
2006-12-14 19:08 -------- d-------- C:\Program Files\aim
2006-12-14 19:08 -------- d-------- C:\DOCUME~1\kward\Application Data\aimpro
2006-12-14 19:08 -------- d-------- C:\DOCUME~1\kward\Application Data\aim
2006-12-14 19:04 -------- d-------- C:\Program Files\lavasoft
2006-12-14 19:04 -------- d-------- C:\DOCUME~1

Bumpus
01-23-2007, 08:25 AM
Part 2 of 2

\kward\Application Data\lavasoft
2006-12-14 19:03 -------- d-------- C:\DOCUME~1\kward\Application Data\help
2006-12-14 19:02 -------- d-------- C:\Program Files\acd systems
2006-12-14 18:52 -------- d-------- C:\Program Files\network associates
2006-12-14 18:52 -------- d-------- C:\Program Files\Common Files\network associates
2006-12-14 18:52 -------- d-------- C:\Program Files\Common Files\cisco systems
2006-12-14 18:33 -------- d-------- C:\DOCUME~1\kward\Application Data\google
2006-12-12 11:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe
2006-12-12 11:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 11:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 11:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 11:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 11:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 11:25 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-12-12 11:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2006-12-12 11:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 11:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2006-12-12 11:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 11:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 11:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 11:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-11 23:18 -------- d-------- C:\DOCUME~1\kward\Application Data\ati
2006-12-11 23:13 -------- d--h----- C:\DOCUME~1\kward\Application Data\gtek
2006-12-11 23:12 -------- d-------- C:\Program Files\dell support
2006-12-11 23:11 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-11 23:10 -------- d-------- C:\Program Files\roxio
2006-12-11 23:10 -------- d-------- C:\Program Files\Common Files\roxio shared
2006-12-11 23:10 -------- d-------- C:\Program Files\bae
2006-12-11 23:09 -------- d-------- C:\Program Files\Common Files\tivo shared
2006-12-11 23:06 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-12-11 23:06 -------- d-------- C:\Program Files\quicktime
2006-12-11 23:06 -------- d-------- C:\Program Files\learn2.com
2006-12-11 23:06 -------- d-------- C:\Program Files\Common Files\real
2006-12-11 23:06 -------- d-------- C:\Program Files\Common Files\nullsoft
2006-12-11 23:05 -------- d-------- C:\Program Files\microsoft plus! photo story 2 le
2006-12-11 23:05 -------- d-------- C:\Program Files\microsoft plus! digital media edition
2006-12-11 23:04 -------- d-------- C:\Program Files\netwaiting
2006-12-11 23:04 -------- d-------- C:\Program Files\musicmatch
2006-12-11 23:04 -------- d-------- C:\Program Files\modem helper
2006-12-11 23:04 -------- d-------- C:\Program Files\interactual
2006-12-11 23:04 -------- d-------- C:\Program Files\digital line detect
2006-12-11 23:03 -------- d-------- C:\Program Files\intel
2006-12-11 23:03 -------- d-------- C:\Program Files\ati technologies
2006-12-11 23:01 -------- d-------- C:\Program Files\sigmatel
2006-12-11 23:00 -------- d-------- C:\Program Files\messenger
2006-12-11 23:00 -------- d-------- C:\Program Files\java
2006-12-11 22:59 -------- d-------- C:\Program Files\Common Files\java
2006-12-11 22:49 -------- d-------- C:\Program Files\conexant
2006-11-27 03:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-13 01:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 01:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 01:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-13 01:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-07 03:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-06 11:35 531568 --a------ C:\WINDOWS\system32\rmactivate_isv.exe
2006-11-06 11:35 523376 --a------ C:\WINDOWS\system32\rmactivate.exe
2006-11-06 11:35 519280 --a------ C:\WINDOWS\system32\secproc_isv.dll
2006-11-06 11:35 518768 --a------ C:\WINDOWS\system32\secproc.dll
2006-11-06 11:35 358000 --a------ C:\WINDOWS\system32\rmactivate_ssp.exe
2006-11-06 11:35 354416 --a------ C:\WINDOWS\system32\rmactivate_ssp_isv.exe
2006-11-06 11:35 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp_isv.dll
2006-11-06 11:35 192624 --a------ C:\WINDOWS\system32\secproc_ssp.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"AIMPro"="\"C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="LOGI_MWX.EXE"
"GhostStartTrayApp"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ASPI32

Completion time: 07-01-23 8:12:33

Budfred
01-23-2007, 11:03 PM
When you install Kazaa, you get some extra gifts with it...

http://72.14.253.104/search?q=cache:5TqmODQZ7EEJ:www.bleepingcomputer.com/uninstall/900/Need2Find-Bar.html+need2find&hl=en&gl=us&ct=clnk&cd=13&lr=lang_en&client=firefox-a

I suggest you Remove that program... And Kazaa while you are at it...

Rather than trying to find and remove each thing individually, try a couple of other scans now that we know that there is malware there... First, MWavScan is available with full function until Feb 15, so use this:

Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...

http://www.mwti.net/products/mwav/mwav.asp

Next, run this one:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! It is possible that files in use will be moved/deleted during the reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


And do an AVG AntiSpyware (Ewido) scan:

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)



Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")

Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.


In Safe Mode, load Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Restart back into Normal Mode.


Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.

Post back with all of the logs... Leave the HJT log until everything else is done...