mwc0914
asked on
Google redirect
Got malware I can't get rid of. When clicking on Google results, I am redirected to anti-spyware websites. Below is my Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:12 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: (no name) - {246DC415-C280-42A1-AE5F-B
O2 - BHO: (no name) - {5297A80C-DBA6-41A4-A291-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O20 - AppInit_DLLs: 6741f5de
O20 - Winlogon Notify: eqciwtko - C:\WINDOWS\SYSTEM32\dhcpmo
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 9548 bytes
Any help is appreciated.
Mike
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:12 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: (no name) - {246DC415-C280-42A1-AE5F-B
O2 - BHO: (no name) - {5297A80C-DBA6-41A4-A291-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O20 - AppInit_DLLs: 6741f5de
O20 - Winlogon Notify: eqciwtko - C:\WINDOWS\SYSTEM32\dhcpmo
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 9548 bytes
Any help is appreciated.
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Completed CF & re-ran HJT. Below is latest HJT log & CF log is attatched...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:27 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\driver
C:\WINDOWS\System32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\mcshi
C:\Program Files\Network Associates\VirusScan\vstsk
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
C:\WINDOWS\system32\PnkBst
C:\WINDOWS\System32\tcpsvc
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\Program Files\Java\jre1.6.0_03\bin
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 10923 bytes
log.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:27 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\driver
C:\WINDOWS\System32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\mcshi
C:\Program Files\Network Associates\VirusScan\vstsk
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
C:\WINDOWS\system32\PnkBst
C:\WINDOWS\System32\tcpsvc
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\Program Files\Java\jre1.6.0_03\bin
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 10923 bytes
log.txt
ASKER
I think it may have worked...tried some links that were being redirected before, and all is normal now. Not sure how to read HJT or CF log to ensure all is clean.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also Download SDfix from: http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and run it in safe mode.
Thanks Xpelled
Thanks Xpelled
ASKER
No wireless set up...just modem connected to the PC.
What does SDFix do?
What does SDFix do?
Can you still get that file checked out by the virus scanner?
ASKER
wsil32.dll does not exist on my PC
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The latest HJT log below & latest CF log attached
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:10 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\driver
C:\WINDOWS\System32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\Program Files\Java\jre1.6.0_03\bin
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\vstsk
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
C:\WINDOWS\system32\PnkBst
C:\WINDOWS\System32\tcpsvc
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\VirusScan\mcshi
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 10947 bytes
log.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:10 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\driver
C:\WINDOWS\System32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\Program Files\Java\jre1.6.0_03\bin
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\vstsk
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
C:\WINDOWS\system32\PnkBst
C:\WINDOWS\System32\tcpsvc
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\VirusScan\mcshi
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 10947 bytes
log.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
O2 - BHO: (no name) - {246DC415-C280-42A1-AE5F-B
O2 - BHO: (no name) - {5297A80C-DBA6-41A4-A291-0
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {96816368-C1E3-414D-A193-6
O20 - Winlogon Notify: eqciwtko - C:\WINDOWS\SYSTEM32\dhcpmo
Also try scanning your PC with Super AntiSpyware as well
Thanks
Xpelled