Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

BBeth

25 Posts

2086

November 9th, 2006 21:00

Hijack This Log

HEre is a copy of the log:
 
Logfile of HijackThis v1.99.1
Scan saved at 5:03:27 PM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\SURFMONKEY\SMPROXY.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmoAgent.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126547750265
O17 - HKLM\System\CCS\Services\Tcpip\..\{C741FC6E-11A7-474C-B925-913E69ECE21F}: NameServer = 207.69.188.185,207.69.188.186
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
 

Message Edited by BBeth on 11-09-200605:07 PM

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 9th, 2006 22:00

Hi,BBeth,
Let's take a look and see if anything from your PestTrap infection is hiding.

Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.


Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

  2. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  3. Select Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
  4. Right click on ewido in the system tray and uncheck "Start with Windows".
    Go to Start > Run and type: services.msc
  5. Press "OK".
  6. In Services, click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  7. When you find the guard service, double-click on it.
  8. In the Properties Window > General Tab that opens, click the "Stop" button.
  9. From the drop-down menu next to "Startup Type", click on "Manual".
  10. Now click "Apply", then "OK" and close the Services window.
  11. Once the setup is complete you will need run AVG AS and update the definition files.
  12. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the AVG AS Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
      • Close AVG Anti-Spyware, Do Not run a scan just yet. We will shortly.

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and press " Enter"; a text file will appear, which lists infected files (if present).
        Please copy/paste the content of that report into your next reply.

        IMPORTANT: Do NOT run any other options until you are asked to do so!

        Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
        http://www.beyondlogic.org/consulting/proc...processutil.htm

      BBeth

      25 Posts

      November 10th, 2006 02:00

      Sucessfully followeed last set of instructions.  Here is the SmitFraud log:
       
      SmitFraudFix v2.120
      Scan done at 22:58:30.34, Thu 11/09/2006
      Run from C:\Documents and Settings\Elizabeth G. Boyd\Desktop\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      Fix run in normal mode
      »»»»»»»»»»»»»»»»»»»»»»»» C:\

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Elizabeth G. Boyd

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Elizabeth G. Boyd\Application Data

      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ELIZAB~1.BOY\FAVORI~1

      »»»»»»»»»»»»»»»»»»»»»»»» Desktop

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"=" http://www.rooneyandmuldoon.com/sitebuildercontent/sitebuilderpictures/courtyard_garden_for_relaxing_on_holiday.jpg"
      "SubscribedURL"=" http://www.rooneyandmuldoon.com/sitebuildercontent/sitebuilderpictures/courtyard_garden_for_relaxing_on_holiday.jpg"
      "FriendlyName"=""
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"=" http://images-partners.google.com/images?q=tbn:-v7SUcUmHV3z1M:http://www.frenchconnections.co.uk/_db/_images/3569-20.jpg"
      "SubscribedURL"=" http://images-partners.google.com/images?q=tbn:-v7SUcUmHV3z1M:http://www.frenchconnections.co.uk/_db/_images/3569-20.jpg"
      "FriendlyName"=""
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="My Current Home Page"
      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, following keys are not inevitably infected!!!
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""

      »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

      »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

      »»»»»»»»»»»»»»»»»»»»»»»» End
       
       
      Please advise...Thanks!

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      November 10th, 2006 15:00

      When you say that you do not have your desktop back, exactly what are you now seeing, and what are you trying to get back to?

      BBeth

      25 Posts

      November 10th, 2006 18:00

      I am unable to modify my wallpaper/desktop background.  After Spyware Doctor cleaned up what it found, the old wallpaper came back, but when I go to Control Panel>display>desktop, the selections are frozen (I can't even scroll through the different choices), and it shows the desktop as solid blue (which it isn't - the old photo came back).  So, my concern is that I still have bits and pieces of the pest trap program in my computer and am thus not secure against pirating information or that program ressurecting itself.  Thanks.

      BBeth

      25 Posts

      November 10th, 2006 19:00

      SmitFraudFix v2.120
      Scan done at 15:35:43.57, Fri 11/10/2006
      Run from C:\Documents and Settings\Elizabeth G. Boyd\Desktop\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      Fix run in safe mode
      »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll
      »»»»»»»»»»»»»»»»»»»»»»»» Killing process

      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
      GenericRenosFix by S!Ri

      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
       
      Registry Cleaning done.
       
      »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» End
       
       
      This is the only report I got.  I don't know if it checked wininet.dll - how do I determine this?  And what other logs would you be referring to (other than the hijack this log that I am doing now)?

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      November 10th, 2006 19:00

      Okay, thanks. I wasn't sure if you had set what your log is showing or if that is a remnant of something from the past.
      We're going to clean off your desktop.

      Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

      Please reboot your computer in Safe Mode by doing the following :
      • Restart your computer
      • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      • Instead of Windows loading as normal, a menu with options should appear;
      • Select the first option, to run Windows in Safe Mode, then press "Enter".
      • Choose your usual account.
      Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
      Select option #2 - Clean by typing 2 and press " Enter" to delete infected files.

      You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

      The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

      The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
      A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report along with all others into your next reply along with a new HijackThis log.
      The report can also be found at the root of the system drive, usually at C:\rapport.txt
      ____________________________________________________________

      Clean out your Temporary Internet files. Proceed like this:
      • Quit Internet Explorer and quit any instances of Windows Explorer.
      • Click Start, click Control Panel, and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
      Next Click Start, click Control Panel and then double-click Display.
      I know you said you don't have a Web tab behind General, but let's look again.
      Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

      Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin
      ______________________________

      Close ALL open Windows / Programs / Folders.

      In your next reply please include:

      1. The report from SmitfraudFix found here: C:\rapport.txt
      2. A fresh HijackThis log

      Let me know if you have been able to reset your desktop.

      You may need several replies to post the requested logs, otherwise they might get cut off.

      BBeth

      25 Posts

      November 10th, 2006 19:00

      Here is the hijack this log:
       
      Logfile of HijackThis v1.99.1
      Scan saved at 3:44:57 PM, on 11/10/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
      C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\Program Files\Real\RealPlayer\RealPlay.exe
      C:\WINDOWS\SURFMONKEY\SMPROXY.EXE
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\Dit.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Dell Support\DSAgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
      C:\WINDOWS\DitExp.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Sony Handheld\HOTSYNC.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~2\TmoAgent.exe
      C:\hijackthis\HijackThis.exe
      R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
      R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
      R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
      O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
      O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
      O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
      O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126547750265
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C741FC6E-11A7-474C-B925-913E69ECE21F}: NameServer = 207.69.188.185,207.69.188.186
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
      O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
       

      BBeth

      25 Posts

      November 10th, 2006 20:00

      Hi there!  Ok - I cleaned out the temp internet files, and have successfully changed the desktop wallpaper.    I also emptied the recycle bin and restarted.  Do I need to re-run smitfraud for another report and another HJT log, or are we good?  Also, do I need to have Spyware Dr. running in the background at all times in addition to the PC Cillin, and do I leave smitfraud, AVG and HJT on the system or do I uninstall?  Many thanks (I can never express in words haw grateful I am for your help!!!) - you are wonderful.  BB

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      November 10th, 2006 21:00

      You're welcome. We have just a bit more to do.

      Please disable SpywareDoctor's monitoring while we do this fix. Its immunization prevents bad changes, but it may also prevent our GOOD changeds to your Registry.
      To disable Spyware Doctor from running on your system startup:
      1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
      2. Click the "Settings" button on the left side.
      3. Click the "Startup Settings" link.
      4. Uncheck "Run at Windows Startup".
      5. Click the "Apply" button.
      Exit by a right-click on the "Spyware Doctor" icon in the system tray and choose "Exit".
      [To enable Spyware Doctor when you are finished, open the program, Settings>Startup Settings> CHECK "Run at Windows Startup">APPLY
      Exit. Reboot.]

      To disable PCTools Browser Monitor: If you are running Internet Explorer, click Tools > Manage Add-ons. If PCTools Browser Monitor is on the list, click it & select Disable. You will need to restart your browser after making the change.

      You may enable SpywareDoctor again when we are finished with the procedures below.

      Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
      • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
      • AVG AS will now begin the scanning process, be patient this may take a little time.
      • Once the scan is complete do the following:
      • If you have any infections you will prompted, then select "Apply all actions"
      • Next select the "Reports" icon at the top.
      • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
      • Close AVG AS and reboot.


      • Just to tidy things up, please launch HijackThis and place a checkmark next to these couple of remnants:
        R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
        R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
        Close all windows except HijackThis and click "Fix Checked". Exit HijackThis.

        Reboot.

        Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

        Updating Java:
        • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
        • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
        • Click the "Download" button to the right.
        • Check the box that says: "Accept License Agreement".
        • The page will refresh.
        • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
        • Close any programs you may have running - especially your web browser.
        • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
        • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
        • Click the Remove or Change/Remove button.
        • Repeat as many times as necessary to remove each Java versions.
        • Reboot your computer once all Java components are removed.
        • Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

        Official JAVA Installation Instructions if needed.



        In your next reply please include that report from AVG AS and a new HJT log. Thanks.

        To answer your questions, it won't hurt to keep AVG as an on-demand scanner as long as you keep it updated. You have configured it so it does not run in the background. Yes, it's okay to keep SpywareDoctor and PCCillin running. When we are finished you may delete SmitfraudFix and HijackThis if you wish.

      BBeth

      25 Posts

      November 11th, 2006 04:00

      AVG scan report (prior to last HJT log):
       
      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------
       + Created at: 11:49:13 PM 11/10/2006
       + Scan result: 
       
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0074618.exe -> Adware.Pesttrap : Cleaned.
      C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP533\A0075674.exe -> Adware.Spysheriff : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\asbegb@earthlink.net\Cookies\elizabeth g. boyd@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\bboyd.eqb@earthlink.net\Cookies\elizabeth g. boyd@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\asbegb@earthlink.net\Cookies\elizabeth g. boyd@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\bboyd.eqb@earthlink.net\Cookies\elizabeth g. boyd@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\asbegb@earthlink.net\Cookies\elizabeth g. boyd@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\bboyd.eqb@earthlink.net\Cookies\elizabeth g. boyd@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\asbegb@earthlink.net\Cookies\elizabeth g. boyd@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\bboyd.eqb@earthlink.net\Cookies\elizabeth g. boyd@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\bboyd.eqb@earthlink.net\Cookies\elizabeth g. boyd@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\bboyd.eqb@earthlink.net\Cookies\elizabeth g. boyd@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
      C:\Documents and Settings\Elizabeth G. Boyd\Application Data\Earthlink\6.0\bboyd.eqb@earthlink.net\Cookies\elizabeth g. boyd@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

      ::Report end

      BBeth

      25 Posts

      November 11th, 2006 04:00

      I did not see the 2 remnants in the hijack this launch.  AVG report to follow.
       
      NEw HJT log:
       
      Logfile of HijackThis v1.99.1
      Scan saved at 12:01:03 AM, on 11/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
      C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\WINDOWS\SURFMONKEY\SMPROXY.EXE
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\Dit.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\DitExp.exe
      C:\Program Files\Dell Support\DSAgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
      C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Sony Handheld\HOTSYNC.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\TmoAgent.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\hijackthis\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
      O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
      O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
      O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
      O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
      O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126547750265
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C741FC6E-11A7-474C-B925-913E69ECE21F}: NameServer = 207.69.188.185,207.69.188.186
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
      O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
       

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      November 11th, 2006 11:00

      Did you install the updated Java?

      Something is locking your Registry and preventing changes.

      Please disable SpywareDoctor, SpySweeper, and Earthlink's BHO Guard.
      Try the Java update again.

      Reboot into Safemode.

      Open HijackThis and run another scan.

      Place a checkmark next to these (They are still in your log.)
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

      Close all windows except HJT and click "Fix Checked".

      Reboot normally.

      Please post a fresh HJT log, and we'll see if that one worked.

      Thanks.

      Message Edited by Bugbatter on 11-11-200609:37 PM

      BBeth

      25 Posts

      November 11th, 2006 22:00

      I do not know how to disable Earthlink BHO or Spysweeper (didn't know I had this).  Please advise.

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      November 12th, 2006 01:00

      It appears that it is part of Earthlink's security suite.
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0

      I don't have Earthlink's instructions, so let's try fixing in Safemode.

      After you have downloaded the Java offline installation, boot into Safemode and install it if you haven't done so already.

      Still in Safemode continue with the HijackThis fix.
      Reboot normally when finished.

      BBeth

      25 Posts

      November 12th, 2006 04:00

      Well, that last scan/fix ticked off my computer - I froze up.  However, after re-booting, I ran HJT and received the following log report (the scan will follow):
      Logfile of HijackThis v1.99.1
      Scan saved at 11:59:53 PM, on 11/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SYSTEM32\SVCHOST.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
      C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
      C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
      C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
      C:\WINDOWS\SURFMONKEY\SMPROXY.EXE
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\Dit.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Dell Support\DSAgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
      C:\WINDOWS\DitExp.exe
      C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Sony Handheld\HOTSYNC.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
      C:\hijackthis\HijackThis.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\alg.exe
      C:\PROGRA~1\TRENDM~1\INTERN~2\TSC.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\HPZipm12.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
      R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
      O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
      O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
      O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
      O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126547750265
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C741FC6E-11A7-474C-B925-913E69ECE21F}: NameServer = 207.69.188.185,207.69.188.186
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
      O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
       
      The system wouldnot allow a JAVA install in safe mode, but out of safe, it said I had already installled. Thanks!  BB

      Was this post helpful?

      View All

      0 events found

      No Events found!

      Top