[Resolved] IE pop up issues?

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

2 Pages

1 2 >

[Resolved] IE pop up issues?

Options

emance View Member Profile	Jun 16 2008, 10:14 AM Post #1
Authentic Member Group: Authentic Member Posts: 31 Joined: 13-February 08 Member No.: 76,802 Operating System: XP Pro	Hi, I'm having pop up issues and web site redirection. Also, windows defender and automatic updates will not run. Below is my HiJack This log. Thanks for your help. Eric Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:09:32 PM, on 6/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Zango\bin\10.0.314.0\OEAddOn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Dell Support Center\gs_agent\dsc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\eHome\ehmsas.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.314.0\HostIE.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.314.0\OEAddOn.exe O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [5850651d] rundll32.exe "C:\WINDOWS\system32\uqbplpak.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www2.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10531 bytes

Scotty View Member Profile	Jun 16 2008, 12:36 PM Post #2
Always Happy Group: Malware Team Posts: 3,653 Joined: 9-December 06 From: Haggistown, Kiltland Member No.: 65,226 Operating System: XP Pro Ubuntu 8.04	Hi Rename HijackThis There is a possibility an infection which is hiding part of the HijackThis log because it's called hijackthis.exe. Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe Right-click on HijackThis.exe & select Rename to iseeu.exe and post back a new Hijackthis log. Please make a uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

emance View Member Profile	Jun 16 2008, 02:52 PM Post #3
Authentic Member Group: Authentic Member Posts: 31 Joined: 13-February 08 Member No.: 76,802 Operating System: XP Pro	Here is my post after changing the name of Hijackthis Thanks, Eric Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:50:14 PM, on 6/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Zango\bin\10.0.314.0\OEAddOn.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\America Online 9.0\aoltray.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\iseeu.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Zango /fleok=1D8A83A5C7E1167F98A86C2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.314.0\HostIE.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: (no name) - {CEB2BAA9-50AF-4582-917B-2B7F112E2B89} - C:\WINDOWS\system32\khfGawvS.dll O2 - BHO: (no name) - {ECC6D0BF-50EC-44A0-BF0B-713F841AD1E8} - C:\WINDOWS\system32\yayyYqpo.dll O2 - BHO: (no name) - {FDADF663-7771-4EE0-8884-AE0CBFDF11A5} - C:\WINDOWS\system32\cbXNGvuS.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.314.0\HostIE.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.314.0\OEAddOn.exe O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [5850651d] rundll32.exe "C:\WINDOWS\system32\uqbplpak.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www2.snapfish.com/SnapfishOutlookImport.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: yayyYqpo - C:\WINDOWS\SYSTEM32\yayyYqpo.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 11598 bytes

emance View Member Profile	Jun 16 2008, 02:56 PM Post #4
Authentic Member Group: Authentic Member Posts: 31 Joined: 13-February 08 Member No.: 76,802 Operating System: XP Pro	Here is my uninstall list. Thanks, Eric Adobe Flash Player ActiveX Adobe Reader 8.1.2 Adobe® Photoshop® Album Starter Edition 3.2 ALPS Touch Pad Driver America Online (Choose which version to remove) AOL Coach Version 1.0(Build:20040229.1 en) AOL Connectivity Services avast! Antivirus Broadcom Advanced Control Suite 2 Business Contact Manager for Outlook 2003 Canon Camera Access Library Canon Camera Support Core Library Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon Camera Window MC 6 for ZoomBrowser EX Canon G.726 WMP-Decoder Canon iP4300 Canon MovieEdit Task for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 2.2 Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Conexant D110 MDC V.9x Modem Dell Support Center DellSupport Digital Content Portal Digital Line Detect Documents To Go EarthLink setup files ESPNMotion GemMaster Mystic Google AFE Google Desktop Google Toolbar for Internet Explorer Google Updater HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Intel® PROSet/Wireless Software Internal Network Card Power Management J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java 2 Runtime Environment, SE v1.4.2_03 Java™ 6 Update 3 Learn2 Player (Uninstall Only) Macromedia Flash Player mCore MCU mDrWiFi mHlpDell Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Small Business Edition 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE mIWA mIWCA mLogView mMHouse Modem Helper Mozilla Firefox (2.0.0.14) mPfMgr mPfWiz mProSafe mSSO MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) mToolkit Musicmatch for Windows Media Player mWlsSafe mXML mZConfig NetWaiting NVIDIA Drivers Otto Palm Picasa 2 PowerDVD 5.5 Qualxserve Service Agreement QuickBooks Simple Start Special Edition QuickSet QuickTime RealPlayer Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) ShopperReports Sonic Audio module Sonic DLA Sonic Encoders Sonic MyDVD LE Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Starcraft Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update Rollup 2 for Windows XP Media Center Edition 2005 Viewpoint Media Player WebCyberCoach 3.2 Dell Windows Defender Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890927 Windows XP Media Center Edition 2005 KB908246 Zango Browser and Wowpapers Tools

Scotty View Member Profile	Jun 16 2008, 03:07 PM Post #5
Always Happy Group: Malware Team Posts: 3,653 Joined: 9-December 06 From: Haggistown, Kiltland Member No.: 65,226 Operating System: XP Pro Ubuntu 8.04	Hi Download FixIEDef.exe by ShadowPuterDude to your Desktop. Double-click FixIEDef.exe If running Vista, click OK on the FixIEDef is running as Administrator popup WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running. The icons and Start Menu on your Desktop will not be visible while FixIEDef is running. This is necessary to remove parts of the infection that would otherwise not be removed. FixIEDef will re-start Explorer at the end of the removal process FixIEDef will return everything to normal; when it has finished the removal process Click Exit once FixIEDef displays the All Finished message Post the log it creates back here. (You will find it on your desktop) Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. For Vista users, right-click DSS and select Run As Administrator When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply

emance View Member Profile	Jun 16 2008, 03:15 PM Post #6
Authentic Member Group: Authentic Member Posts: 31 Joined: 13-February 08 Member No.: 76,802 Operating System: XP Pro	Here is my FixEDef log. Thanks, Eric ******************************************************************************* * * * FixIEDef Log * * Version 1.4.19.5100 * * * ******************************************************************************** Created at 17:12:40 on Monday, June 16, 2008 Time Zone : (GMT-05:00) Eastern Time (US & Canada) Logged On User : RON Operating System : Microsoft Windows XP Professional Service Pack 2 OS Version : 5.1.2600 System Langauge : English (United States) Keyboard Layout : English (United States) Processor : X86 Intel® Pentium® M processor 2.26GHz System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 Total Physical Memory : 2146852864 bytes Free Physical Memory : 1538188 bytes Total Virtual Memory : 2097024 bytes Free Virtual Memory : 2054012 bytes Boot State : Normal boot -------------------------------------------------------------------------------- !!! Files that have been deleted !!! C:\Documents and Settings\RON\Application Data\Sun\Java\Deployment\cache\javapi\. C:\WINDOWS\system32\clkcnt.txt -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "antivirus-2008pro.exe" ================================================================================ All Done ShadowPuterDude Safe Surfing!!!

emance

Jun 16 2008, 03:21 PM

Post #7

Authentic Member

Group: Authentic Member
Posts: 31
Joined: 13-February 08
Member No.: 76,802
Operating System: XP Pro

Here is the other log files

Deckard's System Scanner v20071014.68
Run by RON on 2008-06-16 17:16:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
22: 2008-06-16 21:16:39 UTC - RP124 - Deckard's System Scanner Restore Point
21: 2008-06-16 15:52:40 UTC - RP123 - Installed Windows Defender
20: 2008-06-12 11:58:49 UTC - RP122 - Last known good configuration
19: 2008-06-12 11:58:38 UTC - RP121 - Software Distribution Service 3.0
18: 2008-06-12 11:58:38 UTC - RP120 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-06-12 11:58:35 UTC - RP103 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as RON.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:00 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Zango\bin\10.0.314.0\OEAddOn.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\RON\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RON.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango /fleok=1D8A83A5C7E1167F98A86C2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.314.0\HostIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {CEB2BAA9-50AF-4582-917B-2B7F112E2B89} - C:\WINDOWS\system32\khfGawvS.dll
O2 - BHO: (no name) - {ECC6D0BF-50EC-44A0-BF0B-713F841AD1E8} - C:\WINDOWS\system32\yayyYqpo.dll
O2 - BHO: (no name) - {FDADF663-7771-4EE0-8884-AE0CBFDF11A5} - C:\WINDOWS\system32\cbXNGvuS.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.314.0\HostIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.314.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [5850651d] rundll32.exe "C:\WINDOWS\system32\uqbplpak.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www2.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: yayyYqpo - C:\WINDOWS\SYSTEM32\yayyYqpo.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11532 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 16:44:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2006-01-31 12:08:16 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 12:00:58 92544 --a------ C:\WINDOWS\system32\uqbplpak.dll
2008-06-16 12:00:18 265646 --ahs---- C:\WINDOWS\system32\SvwaGfhk.ini2
2008-06-16 12:00:12 322432 --a------ C:\WINDOWS\system32\khfGawvS.dll
2008-06-16 11:59:23 0 d-------- C:\Program Files\Trend Micro
2008-06-16 11:52:45 0 d-------- C:\Program Files\Windows Defender
2008-06-16 11:51:04 0 d-------- C:\Documents and Settings\RON\Application Data\Mozilla
2008-06-16 11:49:15 0 d-------- C:\Microsoft
2008-06-12 14:37:17 0 d-------- C:\Firefox
2008-06-12 07:58:24 238307 --ahs---- C:\WINDOWS\system32\SuvGNXbc.ini2
2008-06-12 07:54:46 81920 --a------ C:\WINDOWS\pebgkxwq.exe
2008-06-12 07:54:46 139264 --a------ C:\WINDOWS\enef.exe
2008-06-12 07:53:36 0 --a------ C:\WINDOWS\xkefqtgs.dll
2008-06-12 07:53:36 29824 --a------ C:\WINDOWS\system32\awttsPjJ.dll
2008-06-12 07:53:18 29824 --a------ C:\WINDOWS\system32\yayyYqpo.dll

-- Find3M Report ---------------------------------------------------------------

2008-06-16 11:41:50 40923 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 07:57:31 0 d-------- C:\Program Files\Picasa2
2008-04-18 21:03:36 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
07/05/2007 05:23 PM 652552 --a------ C:\Program Files\Zango\bin\10.0.314.0\HostIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEB2BAA9-50AF-4582-917B-2B7F112E2B89}]
06/16/2008 12:00 PM 322432 --a------ C:\WINDOWS\system32\khfGawvS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECC6D0BF-50EC-44A0-BF0B-713F841AD1E8}]
06/12/2008 07:53 AM 29824 --a------ C:\WINDOWS\system32\yayyYqpo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDADF663-7771-4EE0-8884-AE0CBFDF11A5}]
C:\WINDOWS\system32\cbXNGvuS.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{07AA283A-43D7-4CBE-A064-32A21112D94D}"= C:\Program Files\Zango\bin\10.0.314.0\HostIE.dll [07/05/2007 05:23 PM 652552]

[-HKEY_CLASSES_ROOT\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[HKEY_CLASSES_ROOT\HostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4}]
[HKEY_CLASSES_ROOT\HostIE.Bho]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 04:01 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/13/2004 06:33 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/14/2005 02:08 PM]
"nwiz"="nwiz.exe" [07/14/2005 02:08 PM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 04:59 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [09/01/2005 11:27 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/24/2006 05:03 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 12:44 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 12:44 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/24/2006 05:08 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 09:05 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 05:33 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"ZangoOE"="C:\Program Files\Zango\bin\10.0.314.0\OEAddOn.exe" [07/05/2007 05:23 PM]
"ZangoSA"="C:\Program Files\Zango\bin\10.0.314.0\ZangoSA.exe" [12/14/2007 04:26 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/12/2007 09:17 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"5850651d"="C:\WINDOWS\system32\uqbplpak.dll" [06/16/2008 12:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/15/2007 08:35 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [1/24/2006 5:02:21 AM]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [9/15/2006 2:57:00 PM]
Digital Line Detect.lnk - C:\