Help Removing Adware: favadd, ipbill & azesearch [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Help Removing Adware: favadd, ipbill & azesearch [RESOLVED]

Options

jrenda View Member Profile	May 20 2007, 12:10 PM Post #1
Member Posts: 14 OS: xp	Hi, I was hhaving a slow computer and Outlook. So I checked for Malware and ran through all of the recommendations in the Malware Cleaning Guide and I installed all of the recommended pprotection programs, but I am still getting some reports of infections (see below). Any help you can provide would be greatly apreciated. Thanks, Jeff Panda found the following: Adware:adware/favadd Not disinfected Windows Registry Adware:adware/ipbill Not disinfected Windows Registry Adware:adware/azesearch Not disinfected Windows Registry And I just ran AVG again (after everything was clean) and it discovered: HKU\S-1-5-21-1598592695-2103222945-3113953646-1107\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : Cleaned with backup (quarantined). Logfile of HijackThis v1.99.1 Scan saved at 10:58:01 AM, on 5/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\basfipm.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$HRDB\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Exchsrvr\bin\exmgmt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\taskswitch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINDOWS\system32\DSentry.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe C:\Program Files\PureText\PureText.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.1:8080 N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\msconfig.exe /auto O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [As-U-Type 3.2] C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe O4 - HKCU\..\Run: [PureText] "C:\Program Files\PureText\PureText.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AltiView.lnk = C:\Program Files\AltiGen\AltiView 4.0A\AltiClient.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: TypePad QuickPost - http://www.typepad.com/t/app?__mode=reg_qp...p;qp_height=540 O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: C:\Program Files\eGrabber\AddressGrabber Business 5.0\AddressGrabber - {90A81828-92DB-400e-AECD-78C540F5EB49} - C:\Program Files\eGrabber\AddressGrabber Business 5.0\InternetAddress.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra 'Tools' menuitem: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://insite.sitesystems.com O15 - Trusted Zone: http://*.sscorp-apps1 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitcorp.com/cabs/lcsim.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} (Mindjet MindManager Viewer Control) - http://www.mindjet.com/viewer/eng/MjMmViewer.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1120792866951 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictures.com/games/thedavin...aderControl.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://isgui.dev.sitesystems.com/administr...red/XUpload.ocx O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\Software\..\Telephony: DomainName = sitesystems.biz O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sitesystems.biz O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Unknown owner - C:\Program Files\WS_FTP\ftpsched.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: SQL Server (ACT7) (MSSQL$ACT7) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\capidwow.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE UNINSTALL LIST: ACT! Link for Pocket PC ACT! Premium 9.0 Ad-Aware SE Personal AddressGrabber Business 5.0 Adobe Acrobat 7.0.9 Professional Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Bridge 1.0 Adobe Common File Installer Adobe Creative Suite 2 Adobe Help Center 1.0 Adobe Image Viewer Plugin 4.0 Adobe PDF IFilter 6.0 Adobe Reader 7.0.9 Adobe Reader for Pocket PC 2.0 Adobe Stock Photos 1.0 Adobe SVG Viewer ALPS Touch Pad Driver Altdesk.1.7 AltiConsole 4.0A AltiView 4.0A AltiWare Administrator 4.0A Alt-Tab Task Switcher Powertoy for Windows XP Apple Software Update ArcSoft Camera Suite 1.3 As-U-Type 3.2 (American) Full ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver ATI HYDRAVISION Attribute Changer 5.23 Audacity 1.2.4 AVG Anti-Spyware 7.5 Axosoft OnTime 2006 Windows Edition BlogJet 1.6.2.60 Broadcom Advanced Control Suite Broadcom ASF Management Applications Broadcom Gigabit Integrated Controller Brother P-touch Editor Version 4.0 Brother P-touch Quick Editor Calculator Powertoy for Windows XP Canon Camera Support Core Library Canon Camera Window for ZoomBrowser EX Canon Digital Camera USB WIA Driver Canon MovieEdit Task for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities PhotoStitch 3.1 Canon Utilities RemoteCapture 2.7 Canon Utilities ZoomBrowser EX CCleaner (remove only) Check Point SecureClient Check Point VPN-1 SecuRemote NG_AI_R56 Citeknet CAB IFilter Citeknet CHM IFilter Citeknet HLP IFilter Citeknet RAR IFilter Citeknet ZIP IFilter (Beta) CleanUp! ClearContext Information Management System ClearContext Information Management System ClearContext Outlook Rules Module C-Major Audio CmdHere Powertoy For Windows XP Collectorz.com Book Collector CompanionLink Conexant D480 MDC V.92 Modem Crash Analysis Tool Debugging Tools for Windows Dell Bluetooth Software Dell ResourceCD Dell Solution Center Dell Wireless WLAN Card Dell™ Client Configuration Utility Dickies 500 Screensaver Digital Line Detect DiskeeperServer Doppler Dragon NaturallySpeaking 9 DVArchive V3.1 DVDSentry Easy CD Creator 5 Basic EasyGPS eWallet 4.1 for Windows PCs eWallet 4.1 Professional Edition (Pocket PC) eWallet for Pocket PC Flash Saving Plugin FlexMail 2006 Build 575 Flickr4Writer FolderMatch v3.4.8 FolderMatch v3.4.8 (C:\Program Files\FolderMatch\) Form Fill (Windows Live Toolbar) FreeUndelete Garmin c320 City Navigator North America NT v8 Garmin POI Loader Garmin USB Drivers Garmin WebUpdater Getting Things Done Outlook Add-In Google AdWords Editor Google Earth Highlight Viewer (Windows Live Toolbar) HighMAT Extension to Microsoft Windows XP CD Writing Wizard Hijackthis 1.99.1 HijackThis 1.99.1 HomeSeer 1.5.2 Build 10 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB890927) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB928388) Hotfix for Windows XP (KB929120) hp photosmart P1000 series HTML Slideshow Powertoy for Windows XP ICMPStat IFilterShop CHM IFilter (remove only) IFilterShop MindManager IFilter (remove only) IFilterShop XMP IFilter (remove only) IFilterShop Zip IFilter WE 1.2 (remove only) Image Resizer Powertoy for Windows XP Insert Spaces Emoticon Plugin InterVideo WinDVD ISO Recorder iTunes Java 2 Runtime Environment, SE v1.4.2_08 Lame ACM MP3 Codec Lavasoft VX2 Cleaner Lernout & Hauspie TruVoice American English TTS Engine ListPro LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) LSP Explorer plug-in for Ad-Aware SE Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Fireworks 8 Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash MX 2004 Macromedia Flash Player 8 Macromedia Flash Player 8 Macromedia Flash Player 8 Plugin Macromedia Shockwave Player Magnifier Powertoy for Windows XP McAfee VirusScan Enterprise MetaFrame Presentation Server Web Client for Win32 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Exchange Microsoft Internationalized Domain Names Mitigation APIs Microsoft Internet Explorer 5 PowerTweaks Web Accessory Microsoft Internet Explorer 5 Web Developer Accessories Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office FrontPage 2003 Microsoft Office Live Meeting 2005 Microsoft Office Professional Edition 2003 Microsoft Office Project Add-in for Outlook Microsoft Office Project Professional 2003 Microsoft Office Visio Professional 2003 Microsoft Phishing Filter Add-in for MSN Search Toolbar Microsoft Reader Microsoft Reader for Pocket PC Microsoft Reader Text-to-Speech for English Microsoft Speech Recognition Engine 4.0 (English) Microsoft SQL Server 2000 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (ACT7) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Desktop Engine (HRDB) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual SourceSafe 6.0 Microsoft Voice Command US PPC 1.50 Microsoft Windows Journal Viewer MightySync 2.0 Mindjet MindManager Pro 6 Mindjet MindManager Viewer MiniTelnetB Modem Helper Move Networks Player for Internet Explorer Mozilla Firefox (1.5.0.11) Msg IFilter MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 6.0 Parser NEOedit Nero - Burning Rom NetFront v3.2 for Pocket PC (PPC3ARENR101D) Netscape (7.1) Netscape (7.2) Netscape Browser (remove only) Netscape Communicator 4.7 NetWaiting Norton Ghost 10.0 O2Micro Smartcard Driver Paint Shop Pro 6.0 (ESD) Palm Desktop Palm Desktop and Synchronization Software Pamela Pro 3.5 Panda ActiveScan PDF-XChange 3.0 PeerSync v7.2 PhatNotes PhatNotes Standard Edition PMA_SS Screen Saver Pocket Controller-Professional Pocket Informant Pro 2005 Rev 4 Pocket Ping 1.0 PocketPC Expense Desktop Poi Edit v4.5.1 Privoxy 3.0.6 ProntoNEO Firmware Update Tool P-touch AV Editor P-touch Editor 3.2 P-touch Quick Editor PuTTY version 0.59 QuarkXPress 5.0 QuickBooks Premier: Professional Services Edition 2004 QuickLink Plugin for Windows Live Writer QuickSet QuickTime RealPlayer Resco Explorer Resco Explorer 2003 Samsung Music Studio Secret! Desktop Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Microsoft .NET Framework 2.0 (KB922770) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) ShellExView SigmaTel AC97 Audio Drivers Skype Toolbar for Outlook Skype� 3.2 Slideshow Generator Powertoy for Windows XP SnagIt 8 SolidConverterPDF Spb Pocket Plus SpbTime Spector 360 Dashboard Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 SpywareGuard v2.2 StuffIt Standard Suite Specific SUPERAntiSpyware Free Edition Symantec pcAnywhere SyncToy TestTrack Pro TextPad 4.7 Theme Generator V2 Time Zone Data Update Tool for Microsoft Office Outlook Timershot Powertoy for Windows XP Timeslips Tor 0.1.1.26 Tweak UI Twiddlebit Pocket Plan UC-DataLink UltraEdit-32 Update for Exchange Server 2003 (KB926666) Update for Windows XP (KB920342) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB925876) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) VanDyke Software SecureCRT 5.2 VanDyke Software SecureCRT 5.2 ViceVersa Pro 2 (Build 2010) Vidalia 0.0.7 VideoLAN VLC media player 0.6.2 VideoLAN VLC media player 0.8.1 ViewSonic Windows XP Signed Files Virtual Desktop Manager Powertoy for Windows XP Weather Add-in for MSN Search Toolbar WebEx MeetMeNow WebTimeSync Windows Communication Foundation Windows Defender Windows Defender Signatures Windows Desktop Search Windows Desktop Search (KB926356-V2) Windows Genuine Advantage v1.3.0254.0 Windows Imaging Component Windows Internet Explorer 7 Windows Live Outlook Toolbar (Windows Live Toolbar) Windows Live Safety scanner Windows Live Toolbar Windows Live Toolbar Windows Live Writer (Beta) Windows Live Writer (Beta) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Mobile Daylight Saving Time 2007 Updates Windows Mobile Daylight Saving Time 2007 Updates Windows Presentation Foundation Windows Resource Kit Tools Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Windows Server 2003 Service Pack 1 Administration Tools Pack Windows Vista Upgrade Advisor Windows Workflow Foundation WinHTTrack Website Copier 3.30 WinISO 5.3 WinRAR archiver WinZip WinZip Command Line Support Add-On 2.0 X-Lite 3.0 xplorer� lite xplorer� professional YP-F1 ZoneAlarm Thanks Again! Jeff

Crustyoldbloke View Member Profile	May 21 2007, 02:37 PM Post #2
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello Jeff and welcome to Geeks to Go As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible. ALL staff here at Geeks To Go are volunteers, please bear that in mind if I don�t answer your post as quickly as you�d like; I give what time I can. Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC�s (family PC�s) present a different problem; please tell me if your PC has more than one individual�s setting, but continue with the fix. Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.) You have a little visible malware. Let�s see what we can do with a couple of scans. You appear to have two antivirus (AV) programmes running; Norton and Network Associates. This is bad practice as they will cause slowness and also conflicts. Please uninstall one of them. May I ask you to confirm that the entries at 015 and 017 in your HJT log are legitimate; they look OK to me, but I have to ask. Please disable Windows Defender from running during the fix, it may just hinder our attempts to change anything. Open Windows Defender, click Tools, click Options, under Real-time protection options, clear the Use real-time protection check box, click Save Please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop: CCleaner Update combofix.exe Go to Start>Run and type Services.msc then hit OK Scroll down and find this service: System Event Dispatcher When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK. Run HiJackThis. Click on None of the above, just start the program. Now, click on the Config button (bottom right), then click on Misc Tools, then click on Delete an NT Service a window will pop up. Enter this item into that field (copy and paste): System Event Dispatcher Click OK. It should pull up information about the service, when it asks if you want to reboot now click YES Please open, and update AVG Anti Spyware Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.(you may have to try at different times as this is a very busy server). After the update finishes (the status bar at the bottom will display "Update successful") Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Deselect "Only if threats were found" Close AVGas. Do not run it yet. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. For additional help in booting into Safe Mode, see the following site: Safe Mode In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient. AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop). Please ensure you post that log in your reply. Now please install CWShredder, and run it. Click Check For Update, then Fix and then OK followed by Next, let it fix everything it asks about Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\capidwow.exe (file missing) Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into normal mode. I recommend that you run CCleaner. Update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the Windows tab, and under the heading of Applications, Utilities uncheck AVGas Anti-Spyware then click Analyze> Run Cleaner. Also click Issues then Scan for issues � fix selected issues Double click combofix.exe & follow the prompts. When it has finished, it will produce a log. Please post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).

jrenda View Member Profile	May 21 2007, 08:56 PM Post #3
Member Posts: 14 OS: xp	Thank you very much for your help! To answer your questions: > You appear to have two antivirus (AV) programmes running; Norton and Network Associates I am only running McAfee (Network Associates) Virus Scan not Norton, could that be another Symantec product? > May I ask you to confirm that the entries at 015 and 017 in your HJT log are legitimate; Yes they are legitimate. I will follow your instructions and post up the logs. Thanks Again! Jeff

Crustyoldbloke View Member Profile	May 22 2007, 01:19 AM Post #4
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Thanks for the info; I'll await the logs.

jrenda View Member Profile	May 22 2007, 02:50 AM Post #5
Member Posts: 14 OS: xp	I ran all of the tests your mentioned and there were a couple of issues that the software found: AVG Anti-Spyware found Logger.Bancos and CWSHREDDER found and removed CWS.MSCONFIG. Following are the reports. Thanks again for all of your help. --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 12:31:21 AM 5/22/2007 + Scan result: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP753\A0109930.dll -> Logger.Bancos : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@com[1].txt -> TrackingCookie.Com : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@revsci[1].txt -> TrackingCookie.Revsci : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned. C:\Documents and Settings\jrenda\Cookies\jrenda@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned. ::Report end "jrenda" - 2007-05-22 1:28:00 Service Pack 2 ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\jrenda\My Documents\Downloads\Malware Removal\Fixes to My PC\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atarm.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atas32.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atasanot.exe C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atasctrl.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atasnt40.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atcarmcl.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atdl2006.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atjpeg60.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atkbctl.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atlchat.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atmemmgr.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atnetext.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atpack.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atres.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\attp.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\atwbxui5.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\ieatgpc.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwm.ini C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmcliun.exe C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmim.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmoi.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmpad.exe C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmproxy.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmres.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmres1.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmtrace.txt C:\WINDOWS\DOWNLO~1.\MyWebEx\419\mwmupd.exe C:\WINDOWS\DOWNLO~1.\MyWebEx\419\ratrace.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\raurl.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\uilibres.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\wbxcrypt.dll C:\WINDOWS\DOWNLO~1.\MyWebEx\419\webexmgr.dll C:\Program Files\install.log C:\WINDOWS\system32\drivers\fad.sys C:\WINDOWS\DOWNLO~1.\MyWebEx ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_FAD -------\LEGACY_NPF -------\FAD ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 )))))))))))))))))))))))))))))))))) 2007-05-20 17:04 60,273 --a------ C:\WINDOWS\SYSTEM32\pthreadGC2.dll 2007-05-20 17:04 10,752 --a------ C:\WINDOWS\SYSTEM32\ff_vfw.dll 2007-05-20 17:04 <DIR> d-------- C:\Program Files\ffdshow 2007-05-20 17:00 <DIR> d-------- C:\Program Files\Haali 2007-05-20 10:11 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys 2007-05-19 20:11 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat 2007-05-19 20:11 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll 2007-05-19 20:09 <DIR> d-------- C:\WINDOWS\Internet Logs 2007-05-19 20:06 <DIR> d-------- C:\Program Files\SpywareGuard 2007-05-19 20:01 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-05-19 16:32 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2007-05-19 14:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-19 14:45 <DIR> d-------- C:\DOCUME~1\jrenda\APPLIC~1\SUPERAntiSpyware.com 2007-05-19 14:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-19 11:48 <DIR> d-------- C:\DOCUME~1\SSLAdmin\APPLIC~1\Ipswitch 2007-05-19 11:14 1,048,576 --ah----- C:\DOCUME~1\SSLAdmin\NTUSER.DAT 2007-05-17 16:06 <DIR> d-------- C:\Program Files\FreeUndelete 2007-05-10 12:36 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-04-27 16:33 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-04-22 03:18 <DIR> d-------- C:\Program Files\uTorrent (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-22 00:34:11 4,130 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-05-21 04:43:15 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\uTorrent 2007-05-20 18:56:25 -------- d-----w C:\Program Files\WS_FTP 2007-05-20 01:42:03 -------- d-----w C:\Program Files\Windows Live Toolbar 2007-05-20 01:41:54 -------- d-----w C:\Program Files\Windows Desktop Search 2007-05-20 01:41:50 -------- d-----w C:\Program Files\Windows Defender 2007-05-20 01:41:32 -------- d-----w C:\Program Files\UltraEdit 2007-05-20 01:39:04 -------- d-----w C:\Program Files\PureText 2007-05-20 01:31:31 -------- d-----w C:\Program Files\Microsoft ActiveSync 2007-05-20 01:27:03 -------- d-----w C:\Program Files\ISO Recorder 2007-05-20 01:22:47 -------- d-----w C:\Program Files\Digital Line Detect 2007-05-20 01:22:03 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-05-20 01:17:06 -------- d-----w C:\Program Files\Apoint 2007-05-19 23:38:35 -------- d-----w C:\Program Files\TextPad 4 2007-05-19 21:44:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-11 03:38:29 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\Vidalia 2007-05-11 03:38:04 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\Tor 2007-05-10 21:06:33 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\SolidDocuments 2007-05-01 18:03:41 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\Skype 2007-04-28 16:42:03 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\Doppler 2007-04-27 23:33:18 -------- d-----w C:\Program Files\Skype 2007-04-25 11:30:12 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\AdobeUM 2007-04-22 14:40:57 777 --sha-w C:\WINDOWS\system32\mmf.sys 2007-04-22 05:59:09 -------- d--h--w C:\DOCUME~1\jrenda\APPLIC~1\Move Networks 2007-04-15 20:19:26 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-04-15 19:24:05 110,144 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2007-04-15 09:16:30 -------- d-----w C:\Program Files\MSBuild 2007-04-07 02:39:22 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\Pamela 2007-04-07 02:39:14 180,224 ----a-w C:\WINDOWS\system32\RemoteControl.dll 2007-04-04 10:30:32 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\Google 2007-04-04 10:28:25 -------- d-----w C:\Program Files\Google 2007-04-02 19:53:35 4,513 ----a-w C:\DOCUME~1\jrenda\APPLIC~1\SAS7_000.DAT 2007-03-30 17:03:15 -------- d-----w C:\Program Files\ClearContext 2007-03-28 22:25:10 229,376 ----a-w C:\WINDOWS\system32\Act9AB32.dll 2007-03-28 16:54:32 180,224 ----a-w C:\WINDOWS\system32\Act9Ext.dll 2007-03-23 21:34:32 -------- d-----w C:\Program Files\AltiGen 2007-03-23 13:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll 2007-03-23 13:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll 2007-03-23 03:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll 2007-03-18 17:24:26 -------- d-----w C:\Program Files\iTunes 2007-03-18 17:24:02 -------- d-----w C:\Program Files\iPod 2007-03-18 17:22:32 -------- d-----w C:\Program Files\QuickTime 2007-03-18 17:19:41 -------- d-----w C:\Program Files\Apple Software Update 2007-03-17 22:29:13 24,576 ----a-w C:\WINDOWS\mpglib.dll 2007-03-17 22:29:09 175,104 ----a-w C:\WINDOWS\lame_enc.dll 2007-03-17 21:30:51 -------- d-----w C:\Program Files\Pamela 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-15 04:33:14 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\Nuance 2007-03-15 04:29:41 -------- d-----w C:\Program Files\Common Files\Scansoft Shared 2007-03-15 04:28:59 -------- d-----w C:\Program Files\Nuance 2007-03-11 07:49:10 -------- d-----w C:\Program Files\Windows Mobile DST07 Updates 2007-03-11 02:28:46 -------- d-----w C:\Program Files\Microsoft SQL Server 2007-03-11 02:21:25 -------- d-----w C:\Program Files\MSXML 6.0 2007-03-10 20:04:49 -------- d-----w C:\DOCUME~1\jrenda\APPLIC~1\ICAClient 2007-03-10 20:04:26 -------- d-----w C:\Program Files\Citrix 2007-03-09 14:19:15 -------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-05 08:13:11 -------- d-----w C:\Program Files\Common Files\Intel 2007-03-05 08:13:07 -------- d-----w C:\Program Files\CounterPath 2007-02-10 13:29:52 67,952 ----a-w C:\WINDOWS\system32\sqlctr90.dll 2007-02-10 13:29:52 2,234,224 ----a-w C:\WINDOWS\system32\sqlncli.dll 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {00C6482D-C502-44C8-8409-FCE54AD9C208}=C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-02-06 10:08] {11359F4A-B191-42d7-905A-594F8CF0387B}=C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll [2003-02-06 08:16] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-04-20 17:51] {259F616C-A300-44F5-B04A-ED001A26C85C}=C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 08:39] {2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-11-21 15:53] {4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {AC41D38F-B56D-40AD-94E0-B493D130C959}=C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll [2005-09-13 03:08] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="%SystemRoot%\system32\mobsync.exe" [] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 10:44] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58] "CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 18:30] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 13:20] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48] "DVDSentry"="C:\WINDOWS\system32\DSentry.exe" [2003-02-06 14:41] "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2004-04-29 14:15] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 21:48] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "As-U-Type 3.2"="C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe" [2005-11-17 16:18] "PureText"="C:\Program Files\PureText\PureText.exe" [2003-08-21 03:00] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-19 20:44] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe "IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-11-21 15:50] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify] ckpNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1598592695-2103222945-3113953646-1107\Scripts\Logon\0\0] "Script"=LA1Logon.vbs [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader] "C:\Program Files\ACT\ACT for Win 7\ActSage.exe" -preload [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service] "C:\Program Files\ACT\ACT for Win 7\Act.Outlook.Service.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bascstray] BascsTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Norton Ghost"=3 (0x3) "ACT! Scheduler"=2 (0x2) "LicCtrlService"=2 (0x2) "iPod Service"=3 (0x3) "GEARSecurity"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d415f3d-936c-11da-9d5e-0010c63b4731}] AutoRun\command- rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070522-010456-397 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) ???????????????????????????????????????????4??????????????????????????????????????????????????????????????????????????????????????????????????=?? backup-20070522-010455-480 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) ???????????????????????????????????????????4??????????????????????????????????????????????????????????????????????????????????????????????????=?? backup-20070522-010455-562 O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) Contents of the 'Scheduled Tasks' folder 2007-05-22 08:26:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job 2006-05-24 03:08:10 C:\WINDOWS\tasks\Critical Battery Alarm Program.job 2006-05-24 03:08:52 C:\WINDOWS\tasks\Low Battery Alarm Program.job 2007-05-22 08:09:32 C:\WINDOWS\tasks\MP Scheduled Scan.job 2007-05-22 00:34:15 C:\WINDOWS\tasks\User_Feed_Synchronization-{DE653114-CEC6-40D5-8847-B614B415575F}.job 2007-05-22 04:24:26 C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_SITESYSTEMS_jrenda.job ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-22 01:37:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ****************************************************************** Completion time: 2007-05-22 1:43:30 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-22 01:43 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 01:47, on 2007-05-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\basfipm.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$HRDB\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Exchsrvr\bin\exmgmt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\taskswitch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\WINDOWS\system32\DSentry.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe C:\Program Files\PureText\PureText.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.1:8080 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [As-U-Type 3.2] C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe O4 - HKCU\..\Run: [PureText] "C:\Program Files\PureText\PureText.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AltiView.lnk = C:\Program Files\AltiGen\AltiView 4.0A\AltiClient.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: TypePad QuickPost - http://www.typepad.com/t/app?__mode=reg_qp...p;qp_height=540 O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: C:\Program Files\eGrabber\AddressGrabber Business 5.0\AddressGrabber - {90A81828-92DB-400e-AECD-78C540F5EB49} - C:\Program Files\eGrabber\AddressGrabber Business 5.0\InternetAddress.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra 'Tools' menuitem: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://insite.sitesystems.com O15 - Trusted Zone: http://*.sscorp-apps1 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitcorp.com/cabs/lcsim.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} (Mindjet MindManager Viewer Control) - http://www.mindjet.com/viewer/eng/MjMmViewer.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1120792866951 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictures.com/games/thedavin...aderControl.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://isgui.dev.sitesystems.com/administr...red/XUpload.ocx O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\Software\..\Telephony: DomainName = sitesystems.biz O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sitesystems.biz O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\WS_FTP\ftpsched.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: SQL Server (ACT7) (MSSQL$ACT7) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE Thanks Again! Jeff

Crustyoldbloke View Member Profile	May 22 2007, 03:05 AM Post #6
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Jeff I just see the one entry in HJT to adjust: Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following: O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe Click on Fix Checked when finished and exit HijackThis. Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK Under the "General" Tab Ensure "Normal Startup-load all device drivers and services" is checked. Click Apply->OK->Follow the prompts to Restart Please post a fresh HJT log after rebooting. Is it just slowness now that troubles you? Do you want me to speed up your computer's running and start up?

Crustyoldbloke View Member Profile	Jun 1 2007, 01:54 AM Post #7
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Crustyoldbloke View Member Profile	Jun 11 2007, 02:20 AM Post #8
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Topic re-opened at the request of the original poster.

jrenda View Member Profile	Jun 11 2007, 02:26 AM Post #9
Member Posts: 14 OS: xp	Hi Pill, Thanks again for being patient. Once again I apologize for taking so long to get back to you. I followed all of your instructions and my biggest problem now is Windows Explorer now crashes a couple of times a day gives me this error: "Windows Explorer has encountered a problem and needs to close" Then I get an Error right after the first error: "Dr. Watson has encountered a problem and needs to close" Also, my computer is pretty slow to boot (but that is not a new problem). Following is the most recent Hijack this log. Also note I have changed to Symantec Anti Virus. Thanks again for your help. Jeff Logfile of HijackThis v1.99.1 Scan saved at 1:03:31 AM, on 6/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\basfipm.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\GEARSec.exe C:\WINDOWS\runservice.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$HRDB\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Exchsrvr\bin\exmgmt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\taskswitch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\DSentry.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Norton Ghost\Agent\GhostTray.exe C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\ACT\ACT for Win 7\Act.Outlook.Service.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe C:\Program Files\PureText\PureText.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\mstsc.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.1.1:8080 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [bascstray] BascsTray.exe O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Win 7\Act.Outlook.Service.exe" O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Win 7\ActSage.exe" -preload O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKCU\..\Run: [As-U-Type 3.2] C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe O4 - HKCU\..\Run: [PureText] "C:\Program Files\PureText\PureText.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1 O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AltiView.lnk = C:\Program Files\AltiGen\AltiView 4.0A\AltiClient.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: TypePad QuickPost - http://www.typepad.com/t/app?__mode=reg_qp...p;qp_height=540 O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: C:\Program Files\eGrabber\AddressGrabber Business 5.0\AddressGrabber - {90A81828-92DB-400e-AECD-78C540F5EB49} - C:\Program Files\eGrabber\AddressGrabber Business 5.0\InternetAddress.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra 'Tools' menuitem: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://insite.sitesystems.com O15 - Trusted Zone: http://*.sscorp-apps1 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitcorp.com/cabs/lcsim.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} (Mindjet MindManager Viewer Control) - http://www.mindjet.com/viewer/eng/MjMmViewer.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1120792866951 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictures.com/games/thedavin...aderControl.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dell.webex.com/client/T25L/support/ieatgpc.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://isgui.dev.sitesystems.com/administr...red/XUpload.ocx O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\Software\..\Telephony: DomainName = sitesystems.biz O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sitesystems.biz O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ACT! Scheduler - Sage Software SB, Inc - C:\Program Files\ACT\ACT for Win 7\Act.Scheduler.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\WS_FTP\ftpsched.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SQL Server (ACT7) (MSSQL$ACT7) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

jrenda View Member Profile	Jun 11 2007, 02:33 AM Post #10
Member Posts: 14 OS: xp	Oops, I just noticed that I butchered your name. I meant to say Hi Phil... sorry about that. Jeff

Crustyoldbloke View Member Profile	Jun 11 2007, 03:14 AM Post #11
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Jeff There is nothing obvious in the HJT log. Can I ask you to create a new account on your PC as a test account. Call it whatever springs to mind, but I want you to logon to it directly from a reboot, so that no other account is active. To do this, go to user accounts in the control panel and create a new account with ADMIN status. Please run as much as possible on that account to see if the errors still occur. Can you let me know in say 24 hours please?

jrenda View Member Profile	Jun 14 2007, 07:56 PM Post #12
Member Posts: 14 OS: xp	Hi Phil, Interesting results. I tried two things (neither worked): 1. Before the Explorer Error, you had me re-enable many of the startup items I had disabled in the System Configuration Utility. So I thought I would disable several of those again and see if that helped. I stayed logged on under my usual account and I still experienced one explorer error. 2. Next I followed your advice and logged in as a brand new user and started working. (Note that I did not re-enable the start up items I had disabled in 1 above.) I had the same explorer error when I double-clicked on the clock in the task bar. After I cleared the error message I continued working normally. Thinking back I remember that I seem to be getting this error intermittently when I click on something in a toolbar (such as a drive icon, Internet Explorer icon) or the clock in a desktop taskbar. I use a bunch of toolbars on my desktop. I don't know if this is relevant or not but I thought I would mention it. Also, I didn't experience this error prior to the malware clean up process. I did, however, install several new programs recommended by Geeks to Go (such as SUPERAntiSpyware, etc.) during the clean up process, maybe one of these new programs is causing this issue? Anyway, here is a new Hijack this log. Thanks again for your help! Jeff Logfile of HijackThis v1.99.1 Scan saved at 6:54:02 PM, on 6/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\basfipm.exe C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\GEARSec.exe C:\WINDOWS\runservice.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$HRDB\Binn\sqlservr.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Exchsrvr\bin\exmgmt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\System32\taskswitch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\DSentry.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ACT\ACT for Win 7\Act.Outlook.Service.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe C:\Program Files\PureText\PureText.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AltiGen\AltiView 4.0A\AltiClient.exe C:\Program Files\Dell\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\jrenda\Application Data\Mozilla\Profiles\default\7x4kq9ot.slt\prefs.js) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O2 - BHO: IEEvent Class - {157F70D2-49E8-11D3-B094-005004116944} - C:\Program Files\Altigen\AltiView 4.0A\IEEventView.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [bascstray] BascsTray.exe O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Win 7\Act.Outlook.Service.exe" O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Win 7\ActSage.exe" -preload O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\msconfig.exe /auto O4 - HKCU\..\Run: [As-U-Type 3.2] C:\Program Files\Fanix\As-U-Type\AsutypeFull.exe O4 - HKCU\..\Run: [PureText] "C:\Program Files\PureText\PureText.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: AltiView.lnk = C:\Program Files\AltiGen\AltiView 4.0A\AltiClient.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm O8 - Extra context menu item: &Document Tree - C:\WINDOWS\web\tree.htm O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: TypePad QuickPost - http://www.typepad.com/t/app?__mode=reg_qp...p;qp_height=540 O8 - Extra context menu item: View Partial So&urce - C:\WINDOWS\web\source.htm O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: C:\Program Files\eGrabber\AddressGrabber Business 5.0\AddressGrabber - {90A81828-92DB-400e-AECD-78C540F5EB49} - C:\Program Files\eGrabber\AddressGrabber Business 5.0\InternetAddress.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Bluetooth Software\btsendto_ie.htm O9 - Extra button: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra 'Tools' menuitem: BlogJet This! - {F2EB8589-51A5-4CD7-B665-F8CB564B6CE6} - C:\Documents and Settings\jrenda\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: http://insite.sitesystems.com O15 - Trusted Zone: http://*.sscorp-apps1 O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitcorp.com/cabs/lcsim.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe O16 - DPF: {4C57C98A-E582-46E4-8FD8-5EBDC94CEA39} (Mindjet MindManager Viewer Control) - http://www.mindjet.com/viewer/eng/MjMmViewer.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0 O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/downl...lscbase3401.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1120792866951 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://www.sonypictures.com/games/thedavin...aderControl.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dell.webex.com/client/T25L/support/ieatgpc.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://isgui.dev.sitesystems.com/administr...red/XUpload.ocx O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\Software\..\Telephony: DomainName = sitesystems.biz O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sitesystems.biz O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sitesystems.biz O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ACT! Scheduler - Sage Software SB, Inc - C:\Program Files\ACT\ACT for Win 7\Act.Scheduler.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\WS_FTP\ftpsched.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SQL Server (ACT7) (MSSQL$ACT7) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Crustyoldbloke View Member Profile	Jun 15 2007, 01:38 AM Post #13
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	Hello again Jeff Your HJT log remains unremarkable. I would gamble on third party software being the problem, and toolbars in particular. If the errant software has altered a registry setting, then merely deleting the software will still leave the error. We can try a SFC, a restore or even a re-install of SP2. Have you already cleared your restore points? Please run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds. Click Start Select Run At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow. Now click Enter This will start the programme, and a box should appear telling you how much longer the process should take. Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files: My Computer > Tools > Folder Options > View > "Uncheck" Hide protected operating system files. Then rerun the scan. Once the scan is complete: Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates. Please reboot, and let me know if anything has changed. Also, please rehide the protected files: My Computer > Tools > Folder Options > View > "Uncheck" Hide protected operating system files. No Windows CD? See here: No Windows CD Any better?

jrenda View Member Profile	Jun 18 2007, 02:15 AM Post #14
Member Posts: 14 OS: xp	Hi Phil, I have run the sfc program and windows update (no updated were needed). I will work with my computer tomorrow and let you know how it goes. And yes I cleared my restore points when I first started working on these issues. Thanks again for all of your help, Jeff

Crustyoldbloke View Member Profile	Jun 18 2007, 08:49 AM Post #15
Malware Surgeon with a shaky scalpel Posts: 15,101 From: Worcestershire, England OS: Win98, Windows XP Professional SP2, Vista	OK, no problem. Please note that I am due for eye surgery on 22nd June.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal help removing adware-virtumundo [RESOLVED]	6 / 783	6th November 2005 - 09:02 AM willowpeace_ny started - last by John McKenna
Virus, Spyware and Trojan Removal Need help removing Adware problem	0 / 165	22nd June 2008 - 07:32 PM ChaosVortex started - last by ChaosVortex
Virus, Spyware and Trojan Removal Need help removing Adware/Trojan	0 / 278	1st July 2008 - 12:34 PM rcanda1 started - last by rcanda1
Virus, Spyware and Trojan Removal Need help removing Trojan Downloader and HTML/Framer [RESOLVED]	10 / 1,566	18th July 2008 - 11:13 AM Jacksown started - last by Mike