DssAgent found by Ad-Aware

You mean this: http://www.liutilities.com/products/wintaskspro/processlibrary/dssagent/

Complete the READ ME and attach the logs. Do you use any software from Broderbund?

 

Maybe you misread what Ad-aware was reporting. I do not see Dss Agent but I do see the below from Dell:

C:\Program Files\Dell Support\DSAgnt.exe

You HJT log does not show any major problems. There are just a few minor things I would do as stated below. And then there are also some infected email files that you must delete.

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\cpbrkpie.ocx
C:\Documents and Settings\Cora Barrett\Application Data\Thunderbird\Profiles\db9ez90g.default\Mail\mail.bellsouth.net\Inbox[price.cpl]
C:\Documents and Settings\Cora Barrett\Application Data\Thunderbird\Profiles\db9ez90g.default\Mail\mail.bellsouth.net\Inbox[DFC00213.exe]
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050416-194053.backup

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Bitdefender probably was successful in removing the hosts.20050416-194053.backup file.
The two email items may have to be deleted while running your email program. The are probably part of a large email file. You could just run Panda again and see if it still detects these. If so, try cleaning them out of your email.

 

Looks pretty good other than the minor detection by Panda on Adware/Coupons. Too bad Panda does not give exactly what it is finding so we could look for it an remove it.

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

I have an idea to try though for the Coupons thing.

Download the Registry Search Tool

Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens enter the following:

cpbrkpie.ocx

Press 'OK'

The search will run for a while then alert you when it is finished. Press 'OK' and copy the contents of the WordPad window and post in this thread. If it is very long, an attachment would be better.

 

Can you delete this control?

Let's do a couple more things.

Run the steps inUsing GetRunKey and attach the log!

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

That log is clean! So is everything working OK now? If so, start completing what I gave you in message # 9 if you have not done it already.

 

pskavs.dll is part of the software from PandaActiveScan and is normally found under the directory "ActiveScan". This is not malware. Just tell MS AS to ignore it and always ignore it.

 

You're welcome! Surf safely!

Make sure you give them the complete error message - not just a piece of it. Also indicate which firewall you were attempting to install.