Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help! Porn Pop Ups, Wucrtupd.exe Error Message


  • Please log in to reply
16 replies to this topic

#1 FSS2007

FSS2007

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 10 June 2007 - 05:40 AM

Hi I hope someone will be able to help me soon! I've been working on a slideshow and family tree for a family reunion for the past year and now when it comes down to making some last minute changes, I get a virus! My laptop has been super slow, I can't access my start menu, I get a pop up about a "wucrtupd.exe" having to shut down, I get tons of advertisement and porn pops up. Our reunion is 6/21/07 so I hope someone will be able to help me sooner rather than later. I tried to do all the steps in the HJT instructions post but my computer is not cooperating. Please review my HJT log below - your help is much appreciated!


Logfile of HijackThis v1.99.1
Scan saved at 3:34:20 AM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\retadpu1000272.exe
C:\Documents and Settings\All Users\Application Data\cfmpgzwd.exe
C:\WINDOWS\smanager.7.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\svchost.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\APPATC~1\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\MAUMEA~2\LOCALS~1\Temp\NAV14.0.0.89\NAVSetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\MAUMEA~2\LOCALS~1\Temp\NAV14.0.0.89\Support\LUpdate\LUCheck.exe
C:\DOCUME~1\MAUMEA~2\LOCALS~1\Temp\NAV14.0.0.89\Support\LUpdate\LSetup.exe
C:\Program Files\Symantec\1247\lsetup2.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\??sks\w?crtupd.exe
C:\DOCUME~1\MAUMEA~2\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandiego.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvul.dll,startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [cfmpgzwd.exe] C:\Documents and Settings\All Users\Application Data\cfmpgzwd.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\fwglkraj.dll",realset
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\APPATC~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Nnpll] C:\WINDOWS\??sks\w?crtupd.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O20 - AppInit_DLLs: pushow91.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: OmniFormat from Pdf995 - Unknown owner - C:\Program Files\omniformat\ntservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

BC AdBot (Login to Remove)

 


#2 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:11 AM

Posted 10 June 2007 - 11:24 AM

Hi,

Your PC is badly infected, please do the following:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Next:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please post both DrWeb report and ComboFix report, along with a fresh HiJackThis log.

jedi

Edited by jedi, 10 June 2007 - 11:24 AM.


#3 FSS2007

FSS2007
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 10 June 2007 - 10:40 PM

Thank you for the reply! Originally, I wasn't able to run the ComboFix but I restarted and it worked the second time. Below are all the logs you requested.

A couple of other things:
1. When I exited DrWeb in Safe Mode I got this message: No operations performed with some objects in list. Exit program?
Obviously I did exit it but just wanted to let you know that I did get a message.

2. After rebooting my laptop, I got these two pop up messages, both with the header RUNDLL:
a - Error loading C:\WINDOWS\system 32\drvvul.dll The specified module could not be found
b - Error loading C:\WINDOWS\system 32\fwglkvaj.dll The specified module could not be found



DrWeb CureIt log:

ipwins.exe;c:\program files\ipwindows;Trojan.Rond;Deleted.;
trustincontext.dll;c:\program files\trustin contextual;Adware.TrustIn;Incurable.Moved.;
inetloader.dll;c:\windows;Trojan.DownLoader.19172;Deleted.;
retadpu1000272.exe;c:\windows;Trojan.DownLoader.23807;Deleted.;
se_spoof.dll;c:\windows;Trojan.Iespoof;Deleted.;
audiosrvsa.dll;c:\windows\system32;Trojan.Click.1290;Deleted.;
ddayw.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
drvvul.dll;c:\windows\system32;Trojan.Fakealert.249;Deleted.;
fwglkraj.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
mscoriezb.dll;c:\windows\system32;Trojan.Click.2049;Deleted.;
nbiewpra.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
winjyg32.dll;c:\windows\system32;Trojan.Mezzia;Will be cured after reboot.;
wovvsqjs.dll;c:\windows\system32;Adware.Crew;Incurable.Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
4_cha[1].exe;C:\Documents and Settings\Elena Isaia-Tua\Local Settings\Temporary Internet Files\Content.IE5\CSQR0PCP;Adware.TrustIn;Incurable.Moved.;
11_se[1].exe;C:\Documents and Settings\Elena Isaia-Tua\Local Settings\Temporary Internet Files\Content.IE5\WBI2B4Q3;Trojan.MulDrop.4317;Deleted.;
2_bt[1].exe;C:\Documents and Settings\Elena Isaia-Tua\Local Settings\Temporary Internet Files\Content.IE5\YSL2KWIZ;Adware.AzeSearch;Incurable.Moved.;
mst174.tmp;C:\Documents and Settings\Maumea Isaia_2\Local Settings\Temp;Trojan.Fakealert.249;Deleted.;
temp.fr553B;C:\Documents and Settings\Maumea Isaia_2\Local Settings\Temp;Trojan.Click.2049;Deleted.;
win16A.tmp.exe;C:\Documents and Settings\Maumea Isaia_2\Local Settings\Temp;Trojan.DownLoader.23032;Deleted.;
win173.tmp.exe;C:\Documents and Settings\Maumea Isaia_2\Local Settings\Temp;Adware.Akella;Incurable.Moved.;
win176.tmp.exe;C:\Documents and Settings\Maumea Isaia_2\Local Settings\Temp;Trojan.DownLoader.22968;Deleted.;
trustincontext.dll;C:\Documents and Settings\Maumea Isaia_2\Local Settings\Temp\temp.fr736F;Adware.TrustIn;Incurable.Moved.;
trustincontext.dll;C:\Documents and Settings\Maumea Isaia_2\Local Settings\Temp\temp.frBD88;Adware.TrustIn;Incurable.Moved.;
3 Months Free NetZero.exe;C:\Documents and Settings\Maumea Isaia_2\My Documents\Downloaded Program Updates\misc icons;Trojan.Click.1487;Deleted.;
trustincontext.dll;C:\Documents and Settings\MSI\Local Settings\Temp\temp.frB592;Adware.TrustIn;Incurable.Moved.;
4_cha[1].exe;C:\Documents and Settings\MSI\Local Settings\Temporary Internet Files\Content.IE5\S0IUKC56;Adware.TrustIn;Incurable.Moved.;
11_se[1].exe;C:\Documents and Settings\MSI\Local Settings\Temporary Internet Files\Content.IE5\ZRFPC4W7;Trojan.MulDrop.4317;Deleted.;
2_bt[1].exe;C:\Documents and Settings\MSI\Local Settings\Temporary Internet Files\Content.IE5\ZRFPC4W7;Adware.AzeSearch;Incurable.Moved.;
aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Incurable.Moved.;
Yazzle1162OinAdmin.exe;C:\Program Files\Common Files;Adware.ClickSpring;Incurable.Moved.;
qdiagd.ocx;C:\Program Files\DellSupport;Probably DLOADER.Trojan;Incurable.Moved.;
ipwins.dll;C:\Program Files\Ipwindows;Trojan.Rond;Deleted.;
UnInstall.exe;C:\Program Files\Ipwindows;Trojan.Rond;Deleted.;
trustincontext.dll;C:\Program Files\TrustIn Contextual;Adware.TrustIn;;
A0044331.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155;Adware.TrustIn;Incurable.Moved.;
A0044332.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155;Adware.AzeSearch;Incurable.Moved.;
A0044333.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155;Adware.AzeSearch;Incurable.Moved.;
A0044385.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155;Adware.TrustIn;Incurable.Moved.;
A0044386.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155;Adware.AzeSearch;Incurable.Moved.;
A0044387.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP155;Adware.AzeSearch;Incurable.Moved.;
A0044852.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Adware.TrustIn;Incurable.Moved.;
A0044870.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Adware.AzeSearch;Incurable.Moved.;
A0044871.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Adware.TrustIn;Incurable.Moved.;
A0044872.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Adware.AzeSearch;Incurable.Moved.;
A0044965.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Trojan.Click.2049;Deleted.;
A0045915.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Trojan.Click.2049;Deleted.;
A0045916.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Adware.TrustIn;Incurable.Moved.;
A0046271.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Trojan.Virtumod;Deleted.;
A0046426.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Trojan.DownLoader.23032;Deleted.;
A0046427.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Adware.ClickSpring;Incurable.Moved.;
A0047451.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Rond;Deleted.;
A0047452.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.DownLoader.19172;Deleted.;
A0047453.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.DownLoader.23807;Deleted.;
A0047454.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Iespoof;Deleted.;
A0047455.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Click.1290;Deleted.;
A0047456.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Fakealert.249;Deleted.;
A0047457.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Virtumod;Deleted.;
A0047458.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Click.2049;Deleted.;
A0047459.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Virtumod;Deleted.;
A0047460.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Click.1487;Deleted.;
A0047461.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Rond;Deleted.;
A0047462.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP159;Trojan.Rond;Deleted.;
svchost.exe;C:\WINDOWS;Adware.Akella;Incurable.Moved.;
ClientAX.dll;C:\WINDOWS\Downloaded Program Files;Adware.Zango;Incurable.Moved.;
6to4svcs.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
actxprxyb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
actxprxybv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
admparsev.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
admparsevs.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
admparsevsv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
AdobePDFa.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
adptifv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
adsnwb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
advpackv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
alrsvcv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
amstreamb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
amstreams.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
AOLDiala.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
asferrorb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
asferrorbs.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
asferrorbv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
asferrors.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
asferrorv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
asferrorvv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
atkctrsb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
atkctrsv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
atlv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
audiosrvs.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
avifil32b.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
avifiles.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
beschedv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
blackboxa.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
blackboxb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
browserb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
browsewma.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
camocxs.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
catsrvpsb.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
catsrvv.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
cfgmgr32b.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
cfgmgr32v.dll;C:\WINDOWS\system32;Trojan.Click.1290;Deleted.;
ddayw.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
jkhhh.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
mtdqjiil.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
winjyg32.dll;C:\WINDOWS\system32;Trojan.Mezzia;Will be cured after reboot.;
wovvsqjs.dll;C:\WINDOWS\system32;Adware.Crew;;
A0046305.exe;E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158;Trojan.DownLoader.22411;Deleted.;



ComboFix log:

ComboFix 07-06-11.3 - C:\Documents and Settings\Desktop\ComboFix.exe
- 2007-06-10 21:32:30 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ljjjklm.dll
C:\WINDOWS\system32\wyadd.bak2
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\ddayw.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\MAUMEA~2\Desktop.\internet explorer.lnk
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\WINDOWS\b122.exe
C:\WINDOWS\sks~1
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-10 21:30 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 11:27 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\DoctorWeb
2007-06-10 03:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-10 03:38 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-06-10 03:34 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-10 03:34 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-10 03:33 <DIR> d-------- C:\HJT
2007-06-10 03:27 <DIR> d-------- C:\Program Files\Symantec
2007-06-10 03:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-06-10 03:24 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-10 02:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-06-10 02:27 2,580 --a------ C:\WINDOWS\system32\crmfvoaq.exe
2007-06-10 01:38 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\cfmpgzwd.exe
2007-06-09 19:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-09 19:38 <DIR> d-------- C:\Program Files\VideoReDoPlus
2007-06-09 19:38 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\VideoReDoPlus
2007-06-04 21:17 <DIR> d-------- C:\Program Files\TrustIn Contextual
2007-06-03 00:20 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Deneba
2007-06-02 03:19 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Lavasoft
2007-05-28 03:55 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\tunebite
2007-05-23 23:04 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Corel Photo Album
2007-05-23 00:30 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\AdobeUM
2007-05-21 01:11 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Ahead
2007-05-20 22:28 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Zeon
2007-05-20 22:22 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\Shared
2007-05-20 22:19 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\Incomplete
2007-05-20 22:18 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\LimeWire
2007-05-20 22:00 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Share-to-Web Upload Folder
2007-05-20 22:00 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\GTek
2007-05-20 22:00 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Fisher-Price
2007-05-20 22:00 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\ArcSoft
2007-05-20 21:59 3,932,160 --ah----- C:\DOCUME~1\MAUMEA~2\NTUSER.DAT
2007-05-20 21:59 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Intel
2007-05-20 21:59 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Google
2007-05-20 21:59 <DIR> d-------- C:\DOCUME~1\MAUMEA~2\APPLIC~1\Corel
2007-05-17 21:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-05-13 12:57 <DIR> d-------- C:\DOCUME~1\ELENAI~1\APPLIC~1\Deneba


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 02:13:42 7,154 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-10 02:13:27 104 --sh--r C:\WINDOWS\system32\38792A1BAB.sys
2007-06-06 08:52:51 -------- d-----w C:\Program Files\FreeFTP
2007-06-03 23:10:40 -------- d-----w C:\Program Files\ABC Amber LIT Converter
2007-05-18 05:02:06 -------- d-----w C:\Program Files\Bonjour
2007-05-07 23:23:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-02 17:38:58 -------- d-----w C:\Program Files\Lame MP3 Codec
2007-05-02 17:38:25 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2007-05-02 17:38:23 -------- d-----w C:\Program Files\XviD
2007-05-02 08:49:55 -------- d-----w C:\Program Files\LimeWire
2007-05-02 06:25:37 -------- d-----w C:\Program Files\CCleaner
2007-05-01 19:04:09 -------- d-----w C:\Program Files\MarkAny
2007-05-01 19:03:43 -------- d-----w C:\Program Files\Samsung
2007-04-21 05:49:18 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-21 05:29:53 -------- d-----w C:\Program Files\Nero
2007-04-20 20:37:16 -------- d-----w C:\Program Files\Viewpoint
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 02:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-03-15 02:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-03-15 02:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 20:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2006-05-30 06:36:32 56 --sh--r C:\WINDOWS\system32\83EAD597D8.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0edc6c20-a31c-11db-8ab9-0800200c9a66}=C:\WINDOWS\system32\audiosrvsa.dll []
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 04:20]
{631f7200-642e-11db-bd13-0800200c9a66}=C:\WINDOWS\system32\mscoriezb.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\BAE\BAE.dll [2006-02-22 18:00]
{f015f320-ab08-11db-abbd-0800200c9a66}=C:\WINDOWS\inetloader.dll []
{F67EEB12-AB09-11DB-A6F1-260856D89593}=C:\WINDOWS\se_spoof.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 03:56]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 22:19 C:\WINDOWS\stsystra.exe]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 09:44]
"ShowLOMControl"="1 (0x1)" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-28 11:03]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 14:46]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 15:36]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-28 11:12]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"WD Button Manager"="WDBtnMgr.exe" [2006-10-08 18:20 C:\WINDOWS\system32\WDBtnMgr.exe]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 12:44]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19]
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe" [2005-07-01 03:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 05:30]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 10:06]
"cfmpgzwd.exe"="C:\Documents and Settings\All Users\Application Data\cfmpgzwd.exe" [2007-06-10 01:38]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 19:39]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-31 23:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=C:\Program Files\Common Files\svchost.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"="C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmnnk]
opnmnnk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyg32]
winjyg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=pushow91.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-03-26 05:44:56 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-10 16:51:58 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Maumea Isaia_2.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 22:20:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-10 22:33:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-10 22:33

--- E O F ---




New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:01:06 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Documents and Settings\All Users\Application Data\cfmpgzwd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandiego.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\audiosrvsa.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [cfmpgzwd.exe] C:\Documents and Settings\All Users\Application Data\cfmpgzwd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O20 - AppInit_DLLs: pushow91.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: opnmnnk - opnmnnk.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: OmniFormat from Pdf995 - Unknown owner - C:\Program Files\omniformat\ntservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe




Thanks again!

Edited by FSS2007, 11 June 2007 - 01:13 AM.


#4 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:11 AM

Posted 11 June 2007 - 05:53 AM

Hi again,

OK, that looks a lot better.

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631f7200-642e-11db-bd13-0800200c9a66}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f015f320-ab08-11db-abbd-0800200c9a66}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F67EEB12-AB09-11DB-A6F1-260856D89593}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cfmpgzwd.exe"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmnnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyg32]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Search for and delete these two files, if present (Start > Search > All Files/Folders)
C:\Documents and Settings\All Users\Application Data\cfmpgzwd.exe
C:\Program Files\Common Files\svchost.exe
- Note - Do NOT delete the file C:\Windows\System32\svchost.exe, only the one in the Common Files Folder

Next:

Please do the following:
Run a BitDefender Online scan Here and post the results.

Please also post a fresh HiJackThis log.

jedi

Edited by jedi, 11 June 2007 - 05:54 AM.


#5 FSS2007

FSS2007
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 June 2007 - 01:25 AM

Ok, I've done the first part but I'm on my 3rd try of the BitDefender scan. I left it running overnight and when I woke up this morning my Internet Explorer and scan status window had closed. I restarted the scan and left it running while I was away at work. I came home and found the same thing, both windows had closed. So I'm going to try it again and hope it completes this time. In case it shuts down again, is there another scan I can use?

Thanks for your help!

#6 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:11 AM

Posted 12 June 2007 - 05:37 AM

Ok, no problem, try this one instead:

http://support.f-secure.com/enu/home/ols.shtml

Just follow the prompts. If anything is found use the 'Cleaning' option (not sure if this is automatic or not). When the scan has finished click on 'Show Report' and copy and paste the results here. Please also post a fresh HiJackThis log. If the F-Secure scan doesn't run either, just post the HiJackThis log and we'll take it from there.

jedi

Edited by jedi, 12 June 2007 - 05:54 AM.


#7 FSS2007

FSS2007
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 June 2007 - 09:28 AM

The third time worked!

Here are the results:

BitDefender Scan:


BitDefender Online Scanner
Scan report generated at: Tue, Jun 12, 2007 - 03:48:44

Scan path: C:\;D:\;E:\;


Statistics

Time


04:27:06

Files


566621

Folders


12679

Boot Sectors


6

Archives


14277

Packed Files


34837







Results

Identified Viruses


4

Infected Files


10

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


6







Engines Info

Virus Definitions


513047

Engine build


AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{3512DEFC-457D-4D5D-919D-EC67C03CAAEE}.qbd


Infected with: Trojan.IFrame.J

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{3512DEFC-457D-4D5D-919D-EC67C03CAAEE}.qbd


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{3512DEFC-457D-4D5D-919D-EC67C03CAAEE}.qbd


Delete failed

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{659BF508-B621-4EB8-A629-F4339E8262B9}.qbd


Infected with: Trojan.IFrame.J

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{659BF508-B621-4EB8-A629-F4339E8262B9}.qbd


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{659BF508-B621-4EB8-A629-F4339E8262B9}.qbd


Delete failed

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{8902B9BC-C8A7-40A6-BD27-7E51544283C9}.qbd


Infected with: Trojan.IFrame.J

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{8902B9BC-C8A7-40A6-BD27-7E51544283C9}.qbd


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{8902B9BC-C8A7-40A6-BD27-7E51544283C9}.qbd


Delete failed

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{D3F9C756-33FB-4550-B1A7-1AE677D73D11}.qbd


Infected with: Trojan.IFrame.J

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{D3F9C756-33FB-4550-B1A7-1AE677D73D11}.qbd


Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\{60B07FAB-149B-402E-B7B5-1758AF7CB47A}\{D3F9C756-33FB-4550-B1A7-1AE677D73D11}.qbd


Delete failed

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)=>keygen.exe


Infected with: Trojan.Downloader.LoadAdv.B

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)=>keygen.exe


Disinfection failed

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)=>keygen.exe


Deleted

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)


Update failed

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)=>crack.exe


Infected with: Trojan.Vundo.DMA

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)=>crack.exe


Disinfection failed

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)=>crack.exe


Deleted

E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP158\A0046304.exe=>(RAR Sfx o)


Update failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morph20.exe=>wise0016=>wise0008


Infected with: Trojan.Downloader.Stubby.B

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morph20.exe=>wise0016=>wise0008


Disinfection failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morph20.exe=>wise0016=>wise0008


Deleted

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morph20.exe=>wise0016


Update failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morpheus20=>wise0016=>wise0008


Infected with: Trojan.Downloader.Stubby.B

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morpheus20=>wise0016=>wise0008


Disinfection failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morpheus20=>wise0016=>wise0008


Deleted

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\My Download Files\Morpheus20=>wise0016


Update failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morph20.exe=>wise0016=>wise0008


Infected with: Trojan.Downloader.Stubby.B

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morph20.exe=>wise0016=>wise0008


Disinfection failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morph20.exe=>wise0016=>wise0008


Deleted

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morph20.exe=>wise0016


Update failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morpheus20=>wise0016=>wise0008


Infected with: Trojan.Downloader.Stubby.B

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morpheus20=>wise0016=>wise0008


Disinfection failed

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morpheus20=>wise0016=>wise0008


Deleted

E:\Desktop 10-29-2006\New Folder\Stuff from old computer\Misc\Morpheus20=>wise0016


Update failed



HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:18:42 AM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O20 - AppInit_DLLs: pushow91.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: OmniFormat from Pdf995 - Unknown owner - C:\Program Files\omniformat\ntservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



Thanks!

#8 FSS2007

FSS2007
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 12 June 2007 - 10:11 AM

One more thing - I didn't find this file:
C:\Program Files\Common Files\svchost.exe

#9 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:11 AM

Posted 12 June 2007 - 10:22 AM

Hi again,


OK, that log looks clean, how's the PC running now?

jedi

#10 FSS2007

FSS2007
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 13 June 2007 - 05:56 AM

It's running great now! It starts up faster, no more pop ups or error messages. Thank you so much for all the help!!!!

#11 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:11 AM

Posted 14 June 2007 - 03:19 AM

You're most welcome. :thumbsup:

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacoolsoftware.com/spywareguard.html

Also install the MVPS hosts file:
http://www.mvps.org/winhelp2002/hosts.htm
which blocks innocent looking sites that are not so innocent.

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see
How did I get Infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking
here http://v4.windowsupdate.microsoft.com/
and following the prompts.

Take care.

jedi

#12 FSS2007

FSS2007
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 17 June 2007 - 04:50 PM

Hi - I'm back again. I've downloaded all the programs you listed. I am still having a couple of issues. It takes a very long time for my desktop to load and when using Internet Explorer, the page always gets redirected to this Dell screen where it says it could not find the link we were looking for. I usually use Mozilla Firefox and have not had any problems there. I'm just concerned because other family members prefer Internet Explorer and have been experiencing the redirection problems.

Here is a new HJT log - is there any chance you can look it over for me? I appreciate your time and help!



Logfile of HijackThis v1.99.1
Scan saved at 2:45:46 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\calc.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandiego.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O20 - AppInit_DLLs: pushow91.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: OmniFormat from Pdf995 - Unknown owner - C:\Program Files\omniformat\ntservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks again!

#13 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:11 AM

Posted 22 June 2007 - 04:52 AM

Hi again,

My apologies, I didn't see you'd reposted.

Scan with HiJackThis and put a check in the box next to the following items;

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

Download and run ViewpointKiller.

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

jedi

#14 FSS2007

FSS2007
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:11 AM

Posted 25 June 2007 - 02:34 AM

Hello - sorry for the delay, we just finished our family reunion.

I followed your instructions and here is the updated HJT log.

Thanks again!



Logfile of HijackThis v1.99.1
Scan saved at 12:14:19 AM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandiego.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O20 - AppInit_DLLs: pushow91.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: OmniFormat from Pdf995 - Unknown owner - C:\Program Files\omniformat\ntservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Edited by FSS2007, 25 June 2007 - 02:36 AM.


#15 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:11 AM

Posted 25 June 2007 - 03:47 AM

Hi again,

we just finished our family reunion.

I hope it went well.

Hopefully I removed the Error Redirector, is the redirect still happening?

jedi




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users