mwc0914
asked on
Google redirect
Got malware I can't get rid of. When clicking on Google results, I am redirected to anti-spyware websites. Below is my Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:12 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThi s.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Common Files\Adobe\Acrobat\Active X\AcroIEHe lper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E 2544C21A09 F} - C:\Program Files\SpyCatcher\SCActiveB lock.dll (file missing)
O2 - BHO: (no name) - {246DC415-C280-42A1-AE5F-B 1FD0139EEF 5} - C:\WINDOWS\system32\dpmode mxq.dll
O2 - BHO: (no name) - {5297A80C-DBA6-41A4-A291-0 E881815630 8} - c:\windows\system32\dhcpmo nt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D 4DAF1D92D4 3} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2 09B6AD74AC C} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0 050BA6940E 3} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex e
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin \jusched.e xe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc .exe -startgui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA T.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon. exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta rt.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im gIcon.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag nostics\di agent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX E
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e xe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ LDMConf.ex e
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH .HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3 \OFFICE11\ EXCEL.EXE/ 3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7 8752E50CD0 C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3 C9C571A826 3} - C:\PROGRA~1\MICROS~3\OFFIC E11\REFIEB AR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\System32\Shdocv w.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A 9046DEA8A2 1} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov au.dll
O16 - DPF: {00E1C63A-1060-4EED-928B-2 EF2E265D35 2} (MJPEGRender Control) - http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {01113300-3E00-11D2-8470-0 060089874E D} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0 E3A5CAA8CD 8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {11260943-421B-11D0-8EAC-0 000C07D88C F} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0 050048A82B F} (eShare Web Collaboration Class) - http://ec112.ecicorp.com/netagent/objects/emagic.cab
O16 - DPF: {17492023-C23A-453E-A040-C 7C580BBF70 0} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-F DC3F48F7E3 B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-B E107C0EC16 6} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-D C1FA91D2FC 3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163705183734
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D 5426B81A12 1} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3 6F43A218F4 A} (Microsoft RDP Client Control (redist)) - http://wrcs-ntsrv1.corp.fedex.com/tsweb/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0 0104B06BDE 3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {96816368-C1E3-414D-A193-6 3C3CC92199 0} (MJPEGRender Control) - http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0 E40F83B1AD F} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DE625294-70E6-45ED-B895-C FFA13AEB04 4} (AxisMediaControlEmb Class) - http://66.91.147.106:8010/activex/AMC.cab
O20 - AppInit_DLLs: 6741f5de
O20 - Winlogon Notify: eqciwtko - C:\WINDOWS\SYSTEM32\dhcpmo nt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev xx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg ag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver s\CDAC11BA .EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC DA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver \11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega Access.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga .exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService .exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi eld.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk mgr.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc .exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3 2.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv. exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst rA.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN T~1\SCRIPT ~1\SBServ. exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt rl\x10nets .exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA .exe
--
End of file - 9548 bytes
Any help is appreciated.
Mike
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:12 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: (no name) - {246DC415-C280-42A1-AE5F-B
O2 - BHO: (no name) - {5297A80C-DBA6-41A4-A291-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O20 - AppInit_DLLs: 6741f5de
O20 - Winlogon Notify: eqciwtko - C:\WINDOWS\SYSTEM32\dhcpmo
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 9548 bytes
Any help is appreciated.
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Completed CF & re-ran HJT. Below is latest HJT log & CF log is attatched...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:27 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
C:\WINDOWS\System32\driver s\CDAC11BA .EXE
C:\WINDOWS\System32\CTsvcC DA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService .exe
C:\Program Files\Network Associates\VirusScan\mcshi eld.exe
C:\Program Files\Network Associates\VirusScan\vstsk mgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv. exe
C:\WINDOWS\system32\PnkBst rA.exe
C:\WINDOWS\System32\tcpsvc s.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc .exe
C:\Program Files\Common Files\Dell\EUSW\Support.ex e
C:\Program Files\Java\jre1.6.0_03\bin \jusched.e xe
C:\Program Files\Network Associates\VirusScan\SHSTA T.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon. exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im gIcon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX E
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s ystem\em_e xec.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e xe
C:\Program Files\Creative\SBLive\Diag nostics\di agent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll 32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi s.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Common Files\Adobe\Acrobat\Active X\AcroIEHe lper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E 2544C21A09 F} - C:\Program Files\SpyCatcher\SCActiveB lock.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D 4DAF1D92D4 3} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2 09B6AD74AC C} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0 050BA6940E 3} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex e
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin \jusched.e xe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc .exe -startgui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA T.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon. exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta rt.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im gIcon.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag nostics\di agent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX E
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e xe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ LDMConf.ex e
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH .HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3 \OFFICE11\ EXCEL.EXE/ 3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7 8752E50CD0 C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3 C9C571A826 3} - C:\PROGRA~1\MICROS~3\OFFIC E11\REFIEB AR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\System32\Shdocv w.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A 9046DEA8A2 1} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov au.dll
O16 - DPF: {00E1C63A-1060-4EED-928B-2 EF2E265D35 2} (MJPEGRender Control) - http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {01113300-3E00-11D2-8470-0 060089874E D} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0 E3A5CAA8CD 8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {11260943-421B-11D0-8EAC-0 000C07D88C F} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0 050048A82B F} (eShare Web Collaboration Class) - http://ec112.ecicorp.com/netagent/objects/emagic.cab
O16 - DPF: {17492023-C23A-453E-A040-C 7C580BBF70 0} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-F DC3F48F7E3 B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-B E107C0EC16 6} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-D C1FA91D2FC 3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163705183734
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D 5426B81A12 1} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3 6F43A218F4 A} (Microsoft RDP Client Control (redist)) - http://wrcs-ntsrv1.corp.fedex.com/tsweb/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0 0104B06BDE 3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {96816368-C1E3-414D-A193-6 3C3CC92199 0} (MJPEGRender Control) - http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0 E40F83B1AD F} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DE625294-70E6-45ED-B895-C FFA13AEB04 4} (AxisMediaControlEmb Class) - http://66.91.147.106:8010/activex/AMC.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev xx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg ag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver s\CDAC11BA .EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC DA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver \11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega Access.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga .exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService .exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi eld.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk mgr.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc .exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3 2.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv. exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst rA.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN T~1\SCRIPT ~1\SBServ. exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt rl\x10nets .exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA .exe
--
End of file - 10923 bytes
log.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:27 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\System32\driver
C:\WINDOWS\System32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\mcshi
C:\Program Files\Network Associates\VirusScan\vstsk
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
C:\WINDOWS\system32\PnkBst
C:\WINDOWS\System32\tcpsvc
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\Program Files\Java\jre1.6.0_03\bin
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 10923 bytes
log.txt
ASKER
I think it may have worked...tried some links that were being redirected before, and all is normal now. Not sure how to read HJT or CF log to ensure all is clean.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also Download SDfix from: http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and run it in safe mode.
Thanks Xpelled
Thanks Xpelled
ASKER
No wireless set up...just modem connected to the PC.
What does SDFix do?
What does SDFix do?
Can you still get that file checked out by the virus scanner?
ASKER
wsil32.dll does not exist on my PC
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The latest HJT log below & latest CF log attached
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:10 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
C:\WINDOWS\system32\Ati2ev xx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\driver s\CDAC11BA .EXE
C:\WINDOWS\System32\CTsvcC DA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Dell\EUSW\Support.ex e
C:\Program Files\Java\jre1.6.0_03\bin \jusched.e xe
C:\Program Files\Network Associates\VirusScan\SHSTA T.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon. exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im gIcon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX E
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s ystem\em_e xec.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e xe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll 32.exe
C:\Program Files\Creative\SBLive\Diag nostics\di agent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService .exe
C:\Program Files\Network Associates\VirusScan\vstsk mgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv. exe
C:\WINDOWS\system32\PnkBst rA.exe
C:\WINDOWS\System32\tcpsvc s.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc .exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\VirusScan\mcshi eld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThi s.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Common Files\Adobe\Acrobat\Active X\AcroIEHe lper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E 2544C21A09 F} - C:\Program Files\SpyCatcher\SCActiveB lock.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D 4DAF1D92D4 3} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2 09B6AD74AC C} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0 050BA6940E 3} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex e
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin \jusched.e xe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc .exe -startgui
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA T.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon. exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta rt.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im gIcon.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag nostics\di agent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX E
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe " /background
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e xe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad obe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\ LDMConf.ex e
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH .HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3 \OFFICE11\ EXCEL.EXE/ 3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0 0401C60850 1} - C:\Program Files\Java\jre1.6.0_03\bin \ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7 8752E50CD0 C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3 C9C571A826 3} - C:\PROGRA~1\MICROS~3\OFFIC E11\REFIEB AR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0 0C0F0318AF E} - C:\WINDOWS\System32\Shdocv w.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A 9046DEA8A2 1} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0 0C04F79568 3} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov au.dll
O16 - DPF: {00E1C63A-1060-4EED-928B-2 EF2E265D35 2} (MJPEGRender Control) - http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {01113300-3E00-11D2-8470-0 060089874E D} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0 E3A5CAA8CD 8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {11260943-421B-11D0-8EAC-0 000C07D88C F} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0 050048A82B F} (eShare Web Collaboration Class) - http://ec112.ecicorp.com/netagent/objects/emagic.cab
O16 - DPF: {17492023-C23A-453E-A040-C 7C580BBF70 0} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-F DC3F48F7E3 B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-B E107C0EC16 6} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-D C1FA91D2FC 3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163705183734
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D 5426B81A12 1} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned33.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3 6F43A218F4 A} (Microsoft RDP Client Control (redist)) - http://wrcs-ntsrv1.corp.fedex.com/tsweb/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0 0104B06BDE 3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {96816368-C1E3-414D-A193-6 3C3CC92199 0} (MJPEGRender Control) - http://standrewslinkstrust.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0 E40F83B1AD F} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DE625294-70E6-45ED-B895-C FFA13AEB04 4} (AxisMediaControlEmb Class) - http://66.91.147.106:8010/activex/AMC.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev xx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg ag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver s\CDAC11BA .EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC DA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver \11\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega Access.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga .exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService .exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi eld.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk mgr.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc .exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3 2.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv. exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst rA.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN T~1\SCRIPT ~1\SBServ. exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt rl\x10nets .exe (file missing)
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA .exe
--
End of file - 10947 bytes
log.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:10 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\system32\Ati2ev
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\driver
C:\WINDOWS\System32\CTsvcC
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\Program Files\Java\jre1.6.0_03\bin
C:\Program Files\Network Associates\VirusScan\SHSTA
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Iomega\DriveIcons\Im
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EX
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\s
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Network Associates\Common Framework\FrameworkService
C:\Program Files\Network Associates\VirusScan\vstsk
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
C:\WINDOWS\system32\PnkBst
C:\WINDOWS\System32\tcpsvc
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\fxssvc
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\VirusScan\mcshi
C:\Program Files\Trend Micro\HijackThis\HijackThi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTA
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EX
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.e
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-7
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprov
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {01113300-3E00-11D2-8470-0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0
O16 - DPF: {11260943-421B-11D0-8EAC-0
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {17492023-C23A-453E-A040-C
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {5ED80217-570B-4DA9-BF44-B
O16 - DPF: {6E32070A-766D-4EE6-879C-D
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-3
O16 - DPF: {917623D1-D8E5-11D2-BE8B-0
O16 - DPF: {96816368-C1E3-414D-A193-6
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0
O16 - DPF: {DE625294-70E6-45ED-B895-C
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sg
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\driver
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcC
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\Iomega
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshi
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstsk
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc3
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBst
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMAN
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCt
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA
--
End of file - 10947 bytes
log.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
O2 - BHO: (no name) - {246DC415-C280-42A1-AE5F-B
O2 - BHO: (no name) - {5297A80C-DBA6-41A4-A291-0
O16 - DPF: {00E1C63A-1060-4EED-928B-2
O16 - DPF: {39B0684F-D7BF-4743-B050-F
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D
O16 - DPF: {96816368-C1E3-414D-A193-6
O20 - Winlogon Notify: eqciwtko - C:\WINDOWS\SYSTEM32\dhcpmo
Also try scanning your PC with Super AntiSpyware as well
Thanks
Xpelled