Sign In
Register
Help
Can any one help. I appear to have clicked a pop up by mistake and now whenever I use internet explorer I get redirected to speedapp.com/tftmedium or bestfreedailyporn.com. I rely on my laptop for college and urgently need it sorted. I've tried running Spybot, Adaware, Avast but none appear to do the trick.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:19, on 26/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32wltrysvc.exe
C:WINDOWSSystem32bcmwltry.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32bgsvcgen.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:WINDOWSsystem32wltray.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesLexmark 2500 Serieslxddamon.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesAOL1227445566eeAOLSoftware.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:WINDOWSsystem32ctfmon.exe
C:DOCUME~1TANYAL~1LOCALS~1TempImagesIEPR.exe
C:DOCUME~1TANYAL~1LOCALS~1TempImagesiOmem.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesDellSupportDSAgnt.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesFinePixViewerQuickDCF2.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesMicrosoft OfficeOffice12WINWORD.EXE
C:Program FilesMicrosoftOffice LiveOfficeLiveSignIn.exe
C:Program FilesAOL 9.0waol.exe
C:Program FilesAOL 9.0shellmon.exe
C:Program FilesCommon FilesAOLaoltpspd.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.bbc.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultPageURL = http://go.microsoft....k/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultSearchURL = http://go.microsoft....k/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = "C:Program FilesMSN Gaming ZoneWindowsshvlzm.exe"
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:Program FilesLexmark Toolbartoolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesZoneAlarmSBbar1.binSPYBLOCK.DLL
O4 - HKLM..Run: IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Dell QuickSet] C:Program FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [PRONoMgrWired] C:Program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [AOL Spyware Protection] "C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe"
O4 - HKLM..Run: [DMXLauncher] C:Program FilesDellMedia ExperienceDMXLauncher.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
O4 - HKLM..Run: [http://wltray.exe C:WINDOWSsystem32wltray.exe
O4 - HKLM..Run: EPSON Stylus D88 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [REGSHAVE] C:Program FilesREGSHAVEREGSHAVE.EXE /AUTORUN
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [http://lxddmon.exe "C:Program FilesLexmark 2500 Serieslxddmon.exe"
O4 - HKLM..Run: lxddamon] "C:Program FilesLexmark 2500 Serieslxddamon.exe"
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1227445566eeAOLSoftware.exe
O4 - HKLM..Run: [IPHSend] C:Program FilesCommon FilesAOLIPHSendIPHSend.exe
O4 - HKLM..Run: [dellsupportcenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P dellsupportcenter
O4 - HKCU..Run: [http://ctfmon.exe C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: EPSON Stylus D88 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /M "Stylus D88" /EF "HKCU"
O4 - HKCU..Run: [IEPR] C:DOCUME~1TANYAL~1LOCALS~1TempImagesIEPR.exe
O4 - HKCU..Run: [iOmem] C:DOCUME~1TANYAL~1LOCALS~1TempImagesiOmem.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKUSS-1-5-18..Run: [http://CTFMON.EXE C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [http://CTFMON.EXE C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: STARTPAGEURL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tes...o/NTLSignup.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...ared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_pl...geUploader4.cab
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonu...geUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm...geUploader4.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescopho...opcuploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.pvw.od2....nagerPlugin.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PBUploader Class) - http://static.photob...common/uploaderuni.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonu...geUploader3.cab
O17 - HKLMSystemCCSServicesTcpip..{D1BC338E-C5D5-4B79-BAC7-491B4D1090B5}: NameServer = 205.188.146.145
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:WINDOWSsystem32bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:WINDOWSSystem32spoolDRIVERSW32X863lxddserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32wltrysvc.exe
O24 - Desktop Component 1: (no name) - http://hardy.lib.ang...source=APU00782
--
End of file - 16531 bytes
Page 1 of 1
Browser hijack - help urgently needed
MultiQuote
#2
Flashorn 
- Expert
-
- Group: Members
- Posts: 2,848
- Joined: 19-May 07
- Location:Canada
Posted 26 November 2008 - 01:19 PM
Hey tanibury!!
Welcome to PCWorld Community!
OK, well let's start with downloading a few apps that will probably get your
IE back in order.
Download , Install and UP_DATE these two apps.BEFORE you scan.
MalwarBytes AntiMalware .
SUPERAntiSpyware AntiSpyware .
Use the FREE version of these apps. PLZ don't forget to UP-DAte before using.
DO a FULL scan with both apps. It doesn't matter which one you use first , just do a
full scan with both.
Once finished scanning, go to the LOGS tab and copy and paste what they have found
and quarantined.
You should also delete all of the temps files once the scans are completed .
For this we use ATF Cleaner by Atribune .
Now, go to work and report your findings along with the Logs of Both security apps.
I did not look at your HijackThis log but, SpiritWind will probably do so.
For now, do the scans and report back.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
Welcome to PCWorld Community!
OK, well let's start with downloading a few apps that will probably get your
IE back in order.
Download , Install and UP_DATE these two apps.BEFORE you scan.
MalwarBytes AntiMalware .
SUPERAntiSpyware AntiSpyware .
Use the FREE version of these apps. PLZ don't forget to UP-DAte before using.
DO a FULL scan with both apps. It doesn't matter which one you use first , just do a
full scan with both.
Once finished scanning, go to the LOGS tab and copy and paste what they have found
and quarantined.
You should also delete all of the temps files once the scans are completed .
For this we use ATF Cleaner by Atribune .
Now, go to work and report your findings along with the Logs of Both security apps.
I did not look at your HijackThis log but, SpiritWind will probably do so.
For now, do the scans and report back.
FLASHORN. !http://forums.pcworld.com/legacyimages/
1!
#3
SpiritWind
- Expert
-
- Group: Members
- Posts: 1,921
- Joined: 19-August 06
Posted 26 November 2008 - 03:20 PM
Hi :In addition to the 3 programs that "Flash" recommeded, the following is DIRECTLY
related to your "speedapp" :
"O2 - BHO: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)"
and you should have the HijackThis program "fix" it . However, you should delay doing
that "fix" because there is a lot in your Log that would best be reviewed by an experienced,
trained, certified, Volunteer "Malware Removal Specialist" that are available on the
Spybot Support Forums at forums.spybot.info/ . Your Java from Sun appears to be
outdated and should be uninstalled and you have an unnecessary
"O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe"
that creates a security "hole" in your computer .
#4
tanibury
- Newbie
-
- Group: Members
- Posts: 2
- Joined: 26-November 08
Posted 27 November 2008 - 12:09 AM
I have done what you suggested but unfortunetly it is still doing it.
can saved at 08:06:31, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32wltrysvc.exe
C:WINDOWSSystem32bcmwltry.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32bgsvcgen.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:WINDOWSsystem32wltray.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesLexmark 2500 Serieslxddmon.exe
C:Program FilesLexmark 2500 Serieslxddamon.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesAOL1227445566eeAOLSoftware.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:WINDOWSsystem32ctfmon.exe
C:DOCUME~1TANYAL~1LOCALS~1TempImagesIEPR.exe
C:DOCUME~1TANYAL~1LOCALS~1TempImagesiOmem.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesDellSupportDSAgnt.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesFinePixViewerQuickDCF2.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Program FilesAOL 9.0aol.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.bbc.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultPageURL = http://go.microsoft....k/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultSearchURL = http://go.microsoft....k/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = "C:Program FilesMSN Gaming ZoneWindowsshvlzm.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:Program FilesLexmark Toolbartoolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesZoneAlarmSBbar1.binSPYBLOCK.DLL
O4 - HKLM..Run: IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Dell QuickSet] C:Program FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [PRONoMgrWired] C:Program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [AOL Spyware Protection] "C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe"
O4 - HKLM..Run: [DMXLauncher] C:Program FilesDellMedia ExperienceDMXLauncher.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
O4 - HKLM..Run: [http://wltray.exe C:WINDOWSsystem32wltray.exe
O4 - HKLM..Run: EPSON Stylus D88 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [REGSHAVE] C:Program FilesREGSHAVEREGSHAVE.EXE /AUTORUN
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [http://lxddmon.exe "C:Program FilesLexmark 2500 Serieslxddmon.exe"
O4 - HKLM..Run: lxddamon] "C:Program FilesLexmark 2500 Serieslxddamon.exe"
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1227445566eeAOLSoftware.exe
O4 - HKLM..Run: [IPHSend] C:Program FilesCommon FilesAOLIPHSendIPHSend.exe
O4 - HKLM..Run: [dellsupportcenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P dellsupportcenter
O4 - HKCU..Run: [http://ctfmon.exe C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: EPSON Stylus D88 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /M "Stylus D88" /EF "HKCU"
O4 - HKCU..Run: [IEPR] C:DOCUME~1TANYAL~1LOCALS~1TempImagesIEPR.exe
O4 - HKCU..Run: [iOmem] C:DOCUME~1TANYAL~1LOCALS~1TempImagesiOmem.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKUSS-1-5-18..Run: [http://CTFMON.EXE C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [http://CTFMON.EXE C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: STARTPAGEURL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tes...o/NTLSignup.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...ared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_pl...geUploader4.cab
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonu...geUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm...geUploader4.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescopho...opcuploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.pvw.od2....nagerPlugin.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PBUploader Class) - http://static.photob...common/uploaderuni.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonu...geUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:WINDOWSsystem32bgsvcgen.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:WINDOWSSystem32spoolDRIVERSW32X863lxddserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32wltrysvc.exe
O24 - Desktop Component 1: (no name) - http://hardy.lib.ang...source=APU00782
--
End of file - 15938 bytes
can saved at 08:06:31, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32wltrysvc.exe
C:WINDOWSSystem32bcmwltry.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSsystem32bgsvcgen.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:WINDOWSsystem32wltray.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesLexmark 2500 Serieslxddmon.exe
C:Program FilesLexmark 2500 Serieslxddamon.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesAOL1227445566eeAOLSoftware.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:WINDOWSsystem32ctfmon.exe
C:DOCUME~1TANYAL~1LOCALS~1TempImagesIEPR.exe
C:DOCUME~1TANYAL~1LOCALS~1TempImagesiOmem.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesDellSupportDSAgnt.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesDigital Line DetectDLG.exe
C:Program FilesFinePixViewerQuickDCF2.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Program FilesAOL 9.0aol.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.bbc.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultPageURL = http://go.microsoft....k/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,DefaultSearchURL = http://go.microsoft....k/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = "C:Program FilesMSN Gaming ZoneWindowsshvlzm.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:Program FilesLexmark Toolbartoolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesZoneAlarmSBbar1.binSPYBLOCK.DLL
O4 - HKLM..Run: IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Dell QuickSet] C:Program FilesDellQuickSetquickset.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [PRONoMgrWired] C:Program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [AOL Spyware Protection] "C:PROGRA~1COMMON~1AOLAOLSPY~1AOLSP Scheduler.exe"
O4 - HKLM..Run: [DMXLauncher] C:Program FilesDellMedia ExperienceDMXLauncher.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb10.exe
O4 - HKLM..Run: [http://wltray.exe C:WINDOWSsystem32wltray.exe
O4 - HKLM..Run: EPSON Stylus D88 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [REGSHAVE] C:Program FilesREGSHAVEREGSHAVE.EXE /AUTORUN
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [http://lxddmon.exe "C:Program FilesLexmark 2500 Serieslxddmon.exe"
O4 - HKLM..Run: lxddamon] "C:Program FilesLexmark 2500 Serieslxddamon.exe"
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [MSKDetectorExe] C:Program FilesMcAfeeSpamKillerMSKDetct.exe /uninstall
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1227445566eeAOLSoftware.exe
O4 - HKLM..Run: [IPHSend] C:Program FilesCommon FilesAOLIPHSendIPHSend.exe
O4 - HKLM..Run: [dellsupportcenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P dellsupportcenter
O4 - HKCU..Run: [http://ctfmon.exe C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: EPSON Stylus D88 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIABE.EXE /P23 "EPSON Stylus D88 Series" /M "Stylus D88" /EF "HKCU"
O4 - HKCU..Run: [IEPR] C:DOCUME~1TANYAL~1LOCALS~1TempImagesIEPR.exe
O4 - HKCU..Run: [iOmem] C:DOCUME~1TANYAL~1LOCALS~1TempImagesiOmem.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKUSS-1-5-18..Run: [http://CTFMON.EXE C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUSS-1-5-18..Run: DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [http://CTFMON.EXE C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher 2.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: STARTPAGEURL=http://www.tesco.net
O16 - DPF: NTLSignup - https://register.tes...o/NTLSignup.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...ared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_pl...geUploader4.cab
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} (Bonusprint Image Uploader Version 4.5 Control) - http://webalbum.bonu...geUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm...geUploader4.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - https://www.tescopho...opcuploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.pvw.od2....nagerPlugin.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PBUploader Class) - http://static.photob...common/uploaderuni.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonu...geUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:WINDOWSsystem32bgsvcgen.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:WINDOWSSystem32spoolDRIVERSW32X863lxddserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:Program FilesDellNICCONFIGSVCNICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:WINDOWSSystem32wltrysvc.exe
O24 - Desktop Component 1: (no name) - http://hardy.lib.ang...source=APU00782
--
End of file - 15938 bytes
#5
SpiritWind
- Expert
-
- Group: Members
- Posts: 1,921
- Joined: 19-August 06
Posted 27 November 2008 - 11:25 AM
Hi :From your latest HijackThis Log, the only thing you have done is remove
"BonjourmDNSResponder", a good but minor start to fixing your computer. NOW, as I
recommended in my previous Post, go to http://forums.spybot.info , SPECIFICALLY to
their "Malware Removal" forum and follow the Advice in the 1st Thread there, that says
"BEFORE you POST........" . They are best qualified to properly help you .
P.S. I just finished "visiting" the Spybot Forums ; they appear to be very busy . IF you would
like help from a less busy, but equally qualified Volunteer Experts, go to the "Spyware
Beware" Forums, starting at forums.maddoktor2.com/index.php?showtopic=9590 .
Page 1 of 1
