can't access items in control panel

Question

cha_black 0 Newbie Poster

15 Years Ago

i am unable to access the items in my control panel such as add/remove programs etc. please help! there seems to be some sort of trojan at work. here is my hijackthis log and my combofix log. i'm not massively technical so basic instructions would be much appreciated.
many thanks,
charlie.

Logfile of HijackThis v1.99.1
Scan saved at 21:09:40, on 29/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\XP\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Update Class - {6F282C89-3BD3-4387-92D9-C76428B07E07} - C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.0\gears.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.0\gears.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203679265218
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c8d0d087769b32) (gupdate1c8d0d087769b32) - Unknown owner - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe" /svc /lang en (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

ComboFix 08-06-20.4 - XP 2008-06-29 20:32:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1131 [GMT 1:00]
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\NoAdware5.0\nutils.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 19:54 . 2008-06-29 19:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 19:54 . 2008-06-29 19:54 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Malwarebytes
2008-06-29 19:54 . 2008-06-29 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 19:54 . 2008-06-28 14:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-29 19:54 . 2008-06-28 14:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 19:42 . 2008-06-29 19:49 <DIR> d-------- C:\Documents and Settings\XP\.SunDownloadManager
2008-06-24 01:21 . 2008-06-24 01:21 3,180 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-23 19:17 . 2008-06-29 20:12 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-23 19:00 . 2008-06-29 20:38 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-23 19:00 . 2008-06-23 19:00 <DIR> d-------- C:\Program Files\AVG
2008-06-23 19:00 . 2008-06-23 19:00 <DIR> d-------- C:\Documents and Settings\XP\Application Data\AVGTOOLBAR
2008-06-23 19:00 . 2008-06-23 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-23 19:00 . 2008-06-23 19:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-23 19:00 . 2008-06-23 19:00 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-23 19:00 . 2008-06-23 19:00 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-23 19:00 . 2008-06-23 19:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 17:54 . 2008-06-29 20:35 4,576 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-06-22 17:51 . 2008-06-22 17:51 <DIR> d-------- C:\Program Files\STOPzilla!
2008-06-22 16:03 . 2008-06-22 16:03 <DIR> d-------- C:\Program Files\XoftSpySE
2008-06-22 15:09 . 2008-06-29 20:35 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-06-22 14:47 . 2008-06-22 14:47 <DIR> d-------- C:\Documents and Settings\XP\WINDOWS
2008-06-22 14:47 . 2008-06-22 14:47 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-06-22 14:18 . 2008-06-22 14:48 <DIR> d-------- C:\Program Files\Canon
2008-06-22 02:04 . 2008-06-22 02:04 <DIR> d-------- C:\Documents and Settings\XP\.housecall6.6
2008-06-22 01:40 . 2008-06-22 01:40 9,987 --a------ C:\WINDOWS\system32\DeleteDB.db
2008-06-22 00:59 . 2008-04-15 10:29 12,752 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe
2008-06-22 00:51 . 2008-06-29 19:27 5,483 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-06-22 00:50 . 2008-06-22 16:15 <DIR> d-------- C:\Program Files\SpywareDetector
2008-06-22 00:50 . 2008-05-27 10:38 860,160 --a------ C:\WINDOWS\system32\CheckDll.dll
2008-06-22 00:50 . 2008-06-29 19:24 123 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-22 00:50 . 2008-06-22 00:59 110 --a------ C:\WINDOWS\system32\SDEarlyDelete.ini
2008-06-22 00:50 . 2005-02-06 09:02 104 --a------ C:\WINDOWS\system32\ProxySettings.ini
2008-06-22 00:05 . 2008-06-22 00:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-21 23:50 . 2008-06-22 00:42 0 --a------ C:\WINDOWS\system32\ieupdates.exe.tmp
2008-06-12 15:09 . 2008-06-12 15:09 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-06-12 15:08 . 2008-06-12 15:08 401,408 -ra------ C:\WINDOWS\system32\SZComp5.dll
2008-06-12 10:11 . 2008-06-12 10:11 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-06-12 10:11 . 2008-06-12 10:11 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-12 10:10 . 2008-06-12 10:10 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-06-12 10:10 . 2008-06-12 10:10 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-06-12 10:10 . 2008-06-12 10:10 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-06-12 10:09 . 2008-06-12 10:09 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-06-12 10:08 . 2008-06-12 10:08 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-06-12 10:08 . 2008-06-12 10:08 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-06-12 10:05 . 2008-06-12 10:05 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-06-10 19:18 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 19:17 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 01:54 . 2008-06-05 01:54 <DIR> d-------- C:\Program Files\NCH Software
2008-06-05 01:54 . 2008-06-05 01:54 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Recordpad
2008-06-05 01:54 . 2008-06-05 01:54 <DIR> d-------- C:\Documents and Settings\XP\Application Data\NCH Swift Sound
2008-06-05 01:54 . 2008-06-05 01:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-05 01:53 . 2008-06-06 02:46 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-29 22:19 . 2008-05-29 22:19 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Leadertech
2008-05-29 01:06 . 2008-05-29 01:06 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-29 01:05 . 2008-04-23 05:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-29 01:05 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-29 01:05 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-29 01:05 . 2008-04-23 05:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-29 01:05 . 2008-04-23 05:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-29 01:05 . 2008-04-23 05:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-29 01:05 . 2008-04-23 05:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-29 01:05 . 2008-04-23 05:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-29 01:05 . 2008-04-22 08:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-29 00:54 . 2008-05-29 00:54 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-05-29 00:28 . 2008-05-29 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-29 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-29 19:30 --------- d-----w C:\Documents and Settings\XP\Application Data\DNA
2008-06-29 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-29 12:24 --------- d-----w C:\Documents and Settings\XP\Application Data\LimeWire
2008-06-22 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 13:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-18 23:54 --------- d-----w C:\Program Files\Flickr Uploadr
2008-06-17 23:19 --------- d-----w C:\Program Files\Google
2008-06-15 12:10 --------- d-----w C:\Program Files\LimeWire
2008-06-15 12:04 --------- d-----w C:\Program Files\BitComet Accelerator
2008-06-15 12:03 --------- d-----w C:\Program Files\BitComet
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 01:51 --------- d-----w C:\Program Files\Photomatix
2008-05-28 22:09 --------- d-----w C:\Documents and Settings\XP\Application Data\AutoTransfer
2008-05-24 10:09 --------- d-----w C:\Documents and Settings\XP\Application Data\Yahoo!
2008-05-20 22:51 --------- d-----w C:\Program Files\MpcStar
2008-05-19 21:46 --------- d-----w C:\Documents and Settings\XP\Application Data\TigerPlayer
2008-05-19 21:44 --------- d-----w C:\Program Files\QuickTime
2008-05-19 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-19 19:10 --------- d-----w C:\Documents and Settings\XP\Application Data\BitTorrent
2008-05-17 02:21 --------- d-----w C:\Program Files\DNA
2008-05-15 23:04 --------- d-----w C:\Program Files\Common Files\ASCOM
2008-05-15 23:03 --------- d-----w C:\Program Files\ASCOM
2008-05-13 09:03 34,432 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 07:26 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 20:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 18:36 --------- d-----w C:\Program Files\Microsoft Works
2008-04-30 18:03 --------- d-----w C:\Documents and Settings\XP\Application Data\AdobeUM
2008-04-30 18:03 --------- d-----w C:\Documents and Settings\XP\Application Data\AdobeAUM
2008-04-16 17:06 21,504 ----a-w C:\WINDOWS\jestertb.dll
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 376,832 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2003-10-23 17:52 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282C89-3BD3-4387-92D9-C76428B07E07}]
2008-06-19 00:20 156144 --a----t- C:\Program Files\Google\Update\1.1.25.0\GoopdateBho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-24 13:48 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-19 20:12 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-07 02:22 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-07 02:22 208896]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 16:32 48904]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-23 19:00 1231128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\XP\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/5/2008 7:52:50 PM 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/23/2008 9:51:48 PM 113664]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [11/26/2007 4:58:10 PM 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-08-14 16:54 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2008-05-23 17:03 401408 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14789:TCP"= 14789:TCP:BitComet 14789 TCP
"14789:UDP"= 14789:UDP:BitComet 14789 UDP
"17009:TCP"= 17009:TCP:BitComet 17009 TCP
"17009:UDP"= 17009:UDP:BitComet 17009 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-23 19:00]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-23 19:00]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-12-07 02:22]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-23 19:00]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-23 19:00]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 16:46]
S2 gupdate1c8d0d087769b32;Google Update Service (gupdate1c8d0d087769b32);"C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe" /svc /lang en []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b258b6b-2cfb-11dd-8ea6-0014a4d8113d}]
\Shell\AutoRun\command - E:\AutoTransfer.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 21:03:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-29 19:35:35 C:\WINDOWS\Tasks\GoogleUpdateTask.job"
- C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
"2008-06-22 00:21:22 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-06-29 19:35:35 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-06-24 04:25:01 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:36:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-29 20:42:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 19:42:47

Pre-Run: 36,488,110,080 bytes free
Post-Run: 36,427,509,760 bytes free

251 --- E O F --- 2008-06-21 01:00:21

swift windows-virus

2 Contributors
6 Replies
181 Views
1 Week Discussion Span
Latest Post 15 Years Ago Latest Post by cha_black

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

texruss 0 Newbie Poster · Answer 1 · 2008-06-30T07:33:48+00:00

Download an install a trial copy of Registry Crawler at http://www.4dev.com/regc/index.htm and look for and remove any nocontrolpanel entries.

I must say you are a far braver person than me to autoload a P2P. *;-)

Post back a new HJT log if you get Control Panel back (or not) and I'll have more suggestions.

Cheers,

Texruss

cha_black 0 Newbie Poster · Answer 2 · 2008-07-01T20:30:30+00:00

Thank you texruss, I will try this when I am next at my laptop, I've been away for a few days without it. Are there any major programs I should remove as well or just do what you've mentioned at the moment?

Thanks, charlie.

cha_black 0 Newbie Poster · Answer 3 · 2008-07-02T03:08:25+00:00

how do i use registry caller and how do i know which are nocontrol panel entries?

thanks, charlie.

texruss 0 Newbie Poster · Answer 4 · 2008-07-04T10:51:19+00:00

I have been engaged in other issues...sorry for the delay.

I have another suggestion for Control Panel, but it may only be the tip of the iceberg as far as Registry infiltration by Trojan. Kellys tweak 256 may help if the Trojan has disabled Control Panel (or it may just run over it again).

http://www.kellys-korner-xp.com/xp_tweaks.htm

Based on your suspicions of Trojans and your Control Panel issues I suggest you do some additional scanning by your AVG 8, Spybot S&D and Ad-Aware 2007:

http://www.majorgeeks.com/download2471.html
http://www.majorgeeks.com/download506.html

Update all three, but run them in Safe Mode:

For most versions of Windows it is easy to enter Safe Mode by repeatedly tapping the F8 key while restarting your computer and selecting the Safe Mode option at the Boot Menu screen. For more info and other ways to enable a Safe Mode boot for each version of Windows see this page.

http://www.computerhope.com/issues/chsafe.htm

I know these are old school apps and there are a score of single-fix anti-spyware apps for specific infections, but those companies haven't exactly been idle while the cybercriminals have been churning out new stuff. These apps may also restore your Control Panel issues so you may hold off on Kelly's tweak until after you see if they can fix the issues. Both scan and remove spyware entries in the Registry which can be your issue.

Before going to Safe Mode turn off System Restore so you can get rid of anything hiding there:

http://www.pchell.com/virus/systemrestore.shtml

We'll turn it back on after you are all clear.

Run Spybot first, then Ad-Aware, and last AVG. Fix all they find.

Reboot to normal mode Windows and download and run CCleaner:

http://www.juliatexas.com/tutorials/ccleaner.htm

I normally leave Cookies unchecked for deletion, but lately many of the new Trojans have been putting lots of entries in there, so if you find Trojans in Spybot or Ad-Aware I'd kill the Cookies until you are all clear.

Last...reboot to regular mode and run an online scan. Pandas's is pretty slow (50 minutes probably) and it misses things (especially infected cookies), but should give a general indication of where you're at.

http://www.pandasecurity.com/activescan/index/

Post back your results and let me know how it went. If you still had Trojans detected by Panda then I'll have you run another diagnostic tool to see what are your next options.

Cheers,

Texruss

cha_black 0 Newbie Poster · Answer 5 · 2008-07-11T00:44:52+00:00

hi there, thanks for your help texruss. i did everything you said apart from turning off system restore etc because as before mentioned i can't access any items in control panel, or go to properties if i right click my computer.

i get the error message: windows cannot find file 'C:\WINDOWS\system32\rundll32.exe'

here is my hijack log wich i just did, hope you can help!0)

Logfile of HijackThis v1.99.1
Scan saved at 19:35:44, on 10/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

cha_black 0 Newbie Poster · Answer 6 · 2008-07-11T07:02:45+00:00

all sorted!!! i searched for the missing file, copied and pasted it into system 32 and then removed all of the security software programs apart from AVG. i am quicker than ever and happier than larry!!