50 Posts

October 16th, 2006 23:00

Hijack this help

Can someone look over this and provide some advice.
 
Logfile of HijackThis v1.99.1
Scan saved at 7:10:59 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS9hl3CmFdY6W2olJnJIBazNSncanmwqm2MzqqP3V2ot4GmuRbg8Ex3PCWJIZbCQLYjH5YA9jqS6PZNU9OEpX6pnIzEU2zf7hpSPwww5Rhq4Iz1bAZkR2QE2RJHwu/2XUwBq3boJeAoPKkPGdNxUAdQS
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/regeasysharesw_english?CDVERSION=SKU53&OS=WINXP&CDORIGIN=SKU53
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141175222812
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 

10.4K Posts

October 17th, 2006 00:00

rjob74
 
You are currently running Hijackthis from a temp location or it is not unzipped properly
 

Download a self extracting version of hijackthis HERE
  • Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis.
    It will extract it to that folder and open the folder for you.

    It will also create a shortcut on your desktop to HijackThis.
  • Then rerun Hijackthis and repost your log
    bamajim   Graduate of Malware Removal University

     


    50 Posts

    October 17th, 2006 10:00

    Thanks!  Hopefully it is correct now.
     
     
    Logfile of HijackThis v1.99.1
    Scan saved at 6:57:04 AM, on 10/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS9hl3CmFdY6W2olJnJIBazNSncanmwqm2MzqqP3V2ot4GmuRbg8Ex3PCWJIZbCQLYjH5YA9jqS6PZNU9OEpX6pnIzEU2zf7hpSPwww5Rhq4Iz1bAZkR2QE2RJHwu/2XUwBq3boJeAoPKkPGdNxUAdQS
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/regeasysharesw_english?CDVERSION=SKU53&OS=WINXP&CDORIGIN=SKU53
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141175222812
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     

    10.4K Posts

    October 17th, 2006 18:00

    rjob74
     
    Please go here

    And Download SmitFraudFix by S!ri

    1. Save it to your Desktop->>Rt Click->>Extract all->>and extract it to your desktop
      Open The Smitfraud folder
      Double-click smitfraudfix.cmd
      Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
      Open that file, Ctrl+A to copy, and post a copy of that log as a reply to this thread

    Do Not run option 2 until instructed to do so

    bamajim   Graduate of Malware Removal University

    50 Posts

    October 18th, 2006 00:00

    Hopefully I did this correctly.
     
    Logfile of HijackThis v1.99.1
    Scan saved at 6:57:04 AM, on 10/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDXggyks41LS9hl3CmFdY6W2olJnJIBazNSncanmwqm2MzqqP3V2ot4GmuRbg8Ex3PCWJIZbCQLYjH5YA9jqS6PZNU9OEpX6pnIzEU2zf7hpSPwww5Rhq4Iz1bAZkR2QE2RJHwu/2XUwBq3boJeAoPKkPGdNxUAdQS
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/regeasysharesw_english?CDVERSION=SKU53&OS=WINXP&CDORIGIN=SKU53
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141175222812
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     

    Message Edited by rjob74 on 10-17-2006 08:06 PM

    10.4K Posts

    October 18th, 2006 00:00

    rjob74
     
    What you posted was another Hijackthis log, what I needed was the C:\rapport.txt log from Smitfraudfix :)
     
    Please post the rapport.txt log from Smitfraudfix
     
    bamajim   Graduate of Malware Removal University
     

    50 Posts

    October 18th, 2006 11:00

    I thought it looked familiar.  Okay this should be correct.
     
    SmitFraudFix v2.110
    Scan done at 20:04:04.31, Tue 10/17/2006
    Run from C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GDIVG1EJ\SmitfraudFix[1]\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
    C:\WINDOWS\system32\tazth.dll FOUND !
    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
     
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
     
    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"
    [HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
    @="C:\WINDOWS\system32\tazth.dll"
    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
    @="C:\WINDOWS\system32\tazth.dll"
     
    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
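
Added example (not part of the thread, and not code from HijackThis or SmitFraudFix): a short Python triage script that parses the two log formats posted above and reports which HijackThis entries point at a file the SmitFraudFix report marks `FOUND !`. The function names are hypothetical and the sample logs are constructed by trimming lines from this thread; because the report itself warns that listed keys are "not inevitably infected", a registry key alone is not treated as a hit.

```python
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:dll|exe)", re.I)
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")

# Constructed samples: a few lines taken from the logs in this thread.
HJT_SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\spoolsv.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

RAPPORT_SAMPLE = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\tazth.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"
[HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"""


def parse_hijackthis(text):
    """Return one dict per R/F/N/O entry: section code, raw text, CLSID, file path."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines and the running-process list
        code, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        path = PATH_RE.search(rest)
        entries.append({
            "code": code,
            "text": rest,
            # Windows paths and CLSIDs compare case-insensitively.
            "clsid": clsid.group(0).lower() if clsid else None,
            "path": path.group(0).lower() if path else None,
        })
    return entries


def parse_rapport(text):
    """Collect 'FOUND !' files and the SharedTaskScheduler CLSID -> DLL mapping."""
    found, clsid_to_dll, keys = set(), {}, {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("»"):          # section banner resets registry context
            key = None
            continue
        m = re.match(r"^(.+?)\s+FOUND !$", line)
        if m:
            found.add(m.group(1).lower())
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(?:"([^"]*)"|@)="(.*)"$', line)
        if not (m and key):
            continue
        name, data = m.groups()           # name is None for the default value (@)
        low = key.lower()
        if low.endswith(r"\explorer\sharedtaskscheduler") and name and CLSID_RE.fullmatch(name):
            keys.setdefault(name.lower(), []).append(key)
        elif low.endswith(r"\inprocserver32") and name is None:
            c = CLSID_RE.search(key)
            if c:
                clsid_to_dll[c.group(0).lower()] = data.lower()
                keys.setdefault(c.group(0).lower(), []).append(key)
    return {"found": found, "clsid_to_dll": clsid_to_dll, "keys": keys}


def correlate(entries, rapport):
    """Keep HijackThis entries whose file, or whose CLSID's DLL, was marked FOUND."""
    hits = []
    for e in entries:
        dll = rapport["clsid_to_dll"].get(e["clsid"])
        if e["path"] in rapport["found"] or (dll and dll in rapport["found"]):
            hits.append({**e, "registry_keys": rapport["keys"].get(e["clsid"], [])})
    return hits


if __name__ == "__main__":
    for hit in correlate(parse_hijackthis(HJT_SAMPLE), parse_rapport(RAPPORT_SAMPLE)):
        print(hit["code"], hit["path"], hit["clsid"])
        for k in hit["registry_keys"]:
            print("   referenced by", k)
```

Paths written in 8.3 short form (for example `C:\PROGRA~1\...`) are compared as written; resolving them to long names needs the live filesystem.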

    10.4K Posts

    October 18th, 2006 12:00

    rjob74

    Good job :)

    You may want to print out these instructions for reference

    1. Go here and Download AVG Anti-Spyware
    ( 30 day free trial version) Save it to Your Desktop
     
    Double Click AVG Anti-Spyware-setup
    (It will create its own folder)
    Once the program starts You will be at the Status menu
    • Under "Your computers Security"
      Click change status on Resident shield to inactive
      Click Update now (next to last update)
      After the update loads
      Under Automatic updates Uncheck download and install updates automatically (recommended)
      (you can always select manual updates the next day)
    At the top toolbar Click Scanner Then the settings tab
    • Under How to act? Set default action for detected malware to Quarantine
      Under how to scan All boxes should be checked
      Under Possibly unwanted software All boxes should be checked
      Under reports Select Automatically generate report after every scan
      Uncheck Only if threats were found
      Under what to scan Scan every file should be highlighted
    Exit AVG(But do not run it yet)

    2. Reboot into Safe Mode
    This can be done by
    • Restart your PC, and after it starts, but before you see the Windows Splash screen
      Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
      Use your arrow keys and select Safe Mode and then Enter
    3. Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    • Select option #2 - Clean by typing 2 and press Enter.
      Wait for the tool to complete and disk cleanup to finish.
      You will be prompted : " Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
      The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file ?" by typing Y and hit Enter.
    A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    4. Run AVG Anti-Spyware
    • Click scanner
      Select Complete system scan
    Once the scan finishes
    • Select Apply all actions (The items found will be quarantined)
      Click save report as (Another window will open)
      Save it to your desktop
      (By default It will be saved in the AVG folder as)
      C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
    Exit AVG

    Reboot your PC in Normal Mode->>Re run Hijackthis and post a fresh Hijackthis log.
    • Double click the report-scan txt. you saved to your desktop
      It will open in Notepad
      Copy and paste that report as a reply to this thread
    Your reply should include
    • a fresh hijackthis log
      your c:\rapport.txt log from Smitfraudfix
      your report_scan.txt from AVG
    You may have to post the results in more than one reply
     
    bamajim   Graduate of Malware Removal University



    50 Posts

    October 19th, 2006 13:00

    The new rapport
     
    SmitFraudFix v2.110
    Scan done at  8:21:55.04, Thu 10/19/2006
    Run from C:\Documents and Settings\Brian\Desktop\smitfraud\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in safe mode
    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
     
    Registry Cleaning done.
     
    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

    50 Posts

    October 19th, 2006 13:00

    The AVG report
     
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------
     + Created at: 9:39:10 AM 10/19/2006
     + Scan result: 
     
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP263\A0011944.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKU\S-1-5-21-776561741-1604221776-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D22A64-2399-4EDF-8B32-F2C729C1E8A7} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
    HKU\S-1-5-21-776561741-1604221776-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP288\A0013415.DLL -> Adware.IWon : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP310\A0016003.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP314\A0016358.EXE -> Adware.MyWebSearch : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP288\A0013403.DLL -> Downloader.IstBar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP314\A0016316.exe -> Downloader.Zlob.apu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP314\A0016334.exe -> Downloader.Zlob.apu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP314\A0016337.exe -> Downloader.Zlob.apu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{36647226-7F25-4605-8D83-F04911E27484}\RP314\A0016349.exe -> Downloader.Zlob.apu : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kat\Cookies\kat@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Kat\Cookies\kat@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Brian\Cookies\brian@com[2].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Mymanda\Cookies\mymanda@e-2dj6wfl4aodjakq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Mymanda\Cookies\mymanda@e-2dj6wjkygmcjkbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Kat\Cookies\kat@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Kat\Cookies\kat@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Brian\Cookies\brian@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Mymanda\Cookies\mymanda@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

    ::Report end
     
    Thanks!

    50 Posts

    October 19th, 2006 13:00

    The new HijackThis
     
    Logfile of HijackThis v1.99.1
    Scan saved at 9:42:48 AM, on 10/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/regeasysharesw_english?CDVERSION=SKU53&OS=WINXP&CDORIGIN=SKU53
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141175222812
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    10.4K Posts

    October 20th, 2006 02:00

    rjob74
     
    Well Done. How's your PC running now?
     
    bamajim   Graduate of Malware Removal University

    50 Posts

    October 20th, 2006 11:00

    Things seem back to normal, except when my wife logs on, she gets the following message in a Desktop-Notepad window:
     
    [.ShellclassInfo]
     
    This is what first made me think there was a problem, when she mentioned she kept getting a Desktop-Notepad window every time she logged on.
     
    Is this related to the other problems?  Is it even a problem?  My guess is yes, but I don't know.  Thank you once more.

    Message Edited by rjob74 on 10-20-2006 07:09 AM

    10.4K Posts

    October 20th, 2006 16:00


    rjob74

    I'd like to look at something else please

    Go HERE and Download System Repair Engine by smallfrogs
    • Save it to your Desktop
    • Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
    • Open the sreng folder
    • Double click SREng->>Click Run
    • At the main Window, in the left Pane, Select Smart Scan
    • At the next window make sure all of the boxes are checked and Select Scan
    • When the scan is complete Select Save reports
    • Save it to your desktop and Close the tool
    • Double Click SREngLog.txt, copy and paste that log as a reply to this thread

    Do not run any other options with this tool unless instructed to do so.

    You may have to post the results in more than one reply

    bamajim   Graduate of Malware Removal University

    50 Posts

    October 21st, 2006 10:00

    [PID: 520][C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\Kfx.dll]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\MediaEngine.dll]  [SOLIDFX, LLC, 5, 2, 3, 15]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESApp.dll]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaDB.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaImage.dll]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\KCat40.dll]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\kcor40.dll]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll]  [LEAD Technologies, Inc., 10.0.0.024]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll]  [LEAD Technologies, Inc., 10.0.0.024]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL]  [LEAD Technologies, Inc., 10.0.0.024]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll]  [LEAD Technologies, Inc., 10.0.0.018]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll]  [LEAD Technologies, Inc., 10.0.0.018]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocESApp.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\UIFx.dll]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\Acqmod.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\AddressBook.esx]  [Eastman Kodak, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\CameraCollection.esx]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\AreaIF.dll]  [Eastman Kodak Company, 1, 0, 0, 11]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\EGCreatives.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocEGCreatives.dll]  [Eastman Kodak Co., 5, 2, 30, 76]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESColl.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocESColl.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESDeviceSetup.esx]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocESDeviceSetup.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESShastaEditPipe.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\KODAKCMS.dll]  [Eastman Kodak Company, 5.1.001]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ShastaPath.dll]  [Eastman Kodak Company, 3, 1, 0, 0]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll]  [N/A, N/A]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSlideShow.esx]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESUIWireless.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocESUIWireless.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESWireless.esx]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx]  [Eastman Kodak Company, 5, 2, 30, 56]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\PTP.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocPCD.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx]  [, 5, 2, 30, 73]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaBBook.esx]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaBBook.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaBrowser.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDR.dll]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\PRIMOSDK.dll]  [Sonic Solutions, 2.0.60.500]
        [C:\WINDOWS\system32\PX.dll]  [Sonic Solutions, 2.0.60.500]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEdit.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaEdit.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.esx]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrint.esx]  [Eastman Kodak Company, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaPrint.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx]  [, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll]  [N/A, 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll]  [Eastman Kodak Co., 5, 2, 30, 78]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\XMIApi.esx]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll]  [, 5, 2, 30, 73]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ESRendezvousInfc.dll]  [TODO: , 5, 2, 30, 80]
        [C:\Program Files\Kodak\Kodak EasyShare software\bin\ptpitcp.dll]  [FotoNation Inc., 2, 11, 30, 79]
    [PID: 576][C:\Program Files\SpywareGuard\sgmain.exe]  [N/A, 2.02.0001]
    [PID: 732][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [Anti-Malware Development a.s., 7, 5, 0, 47]
        [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [PID: 744][C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe]  [GRISOFT, s.r.o., 7,1,0,365]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
        [C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,404]
        [C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
        [C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,400]
        [C:\Program Files\Grisoft\AVG Free\avgamint.dll]  [GRISOFT, s.r.o., 7,1,0,349]
        [C:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [PID: 784][C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe]  [GRISOFT, s.r.o., 7,1,0,349]
        [C:\Program Files\Grisoft\AVG Free\avgupd.dll]  [GRISOFT, s.r.o., 7,1,0,404]
        [C:\Program Files\Grisoft\AVG Free\avgupsvc.dll]  [GRISOFT, s.r.o., 7,1,0,285]
        [C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,404]
        [C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
        [C:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [PID: 932][C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe]  [GRISOFT, s.r.o., 7,1,0,400]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll]  [GRISOFT, s.r.o., 7,1,0,285]
        [C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,404]
        [C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
        [C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,400]
        [C:\Program Files\Grisoft\AVG Free\avgscan.dll]  [GRISOFT, s.r.o., 7,1,0,406]
        [C:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7,1,0,407]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll]  [GRISOFT, s.r.o., 7,1,0,285]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll]  [GRISOFT, s.r.o., 7,1,0,300]
        [C:\Program Files\Grisoft\AVG Free\avgmail.dll]  [GRISOFT, s.r.o., 7,1,0,400]
        [C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll]  [GRISOFT, s.r.o., 7, 0, 0, 238]
    [PID: 1160][C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0818.00]
    [PID: 1484][C:\Program Files\SpywareGuard\sgbhp.exe]  [N/A, 2.02.0001]
    [PID: 1460][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\Program Files\Dell AIO Printer A940\dlbamcro.dll]  [Dell Computer Corporation, 0.1.1.1]
        [C:\Program Files\Dell AIO Printer A940\ConvDIB.dll]  [N/A, N/A]
    [PID: 1868][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
    [PID: 2172][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 3576][C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 908, 5008]
        [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_en.dll]  [Google Inc., 1, 2, 908, 5008]
        [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll]  [Google Inc., 1, 2, 908, 5008]
    [PID: 3860][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
        [c:\program files\google\googletoolbar3.dll]  [Google Inc., 4, 0, 1020, 2544]
        [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
        [C:\Program Files\SpywareGuard\dlprotect.dll]  [N/A, 2.02]
        [C:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
        [C:\WINDOWS\system32\dla\tfswshx.dll]  [Sonic Solutions, 1.04.05b]
        [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.05b]
        [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.05b]
        [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBAUI5C.DLL]  [Dell Computer Corporation, 0,3,0,0]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBASTRN.DLL]  [Dell Computer Corporation, 1.0.5.0]
        [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBADR5C.DLL]  [Dell Computer Corporation, 0,3,0,0]
        [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Macromedia, Inc., 10.1r11]
    [PID: 3424][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 3.0.0.4396]
        [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
        [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4396]
    [PID: 3404][C:\Documents and Settings\Owner\Desktop\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    ==================================
    File Associations
    .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE  OK. ["%1" %*]
    .COM  OK. ["%1" %*]
    .PIF  OK. ["%1" %*]
    .REG  OK. [regedit.exe "%1"]
    .BAT  OK. ["%1" %*]
    .SCR  OK. ["%1" /S]
    .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
    ==================================
    Winsock Provider
    N/A
    ==================================
    Autorun.Inf
    N/A
    ==================================
    HOSTS File
    127.0.0.1       localhost
    ==================================
