Solved: Google Hijack, YouTube Preview Pics Gone and No Maps in GoogleMaps!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
New to the site, I found this site through my work computer using Google. Found this thread (http://forums.techguy.org/security/579993-my-google-screwed-up.html) and it seems the user "Five-More-Years" is having the same problem as me. But he has yet to post his HijackThis Log File.

Nothing I have installed senses a Virus, Spyware, or Adware.
I used PCCillin and AdAware.

Whenever I do a search in Google, my first result is always for Credit-Land.com, followed by other Credit Card sites, some Viagra ads and so on.

EDIT: Whenever I use quotes to narrow my search in Google, it reformats my submission. Ex: Searching for "Google" turns into "/Google/"

If I type "Google" into the search field, Google.com is my first result, but the title of the page is something like "Protect Your Porn Files"

Yahoo search doesn't work at all. I get a 999 error from their site when I submit my search.

Another problem I've seen is on YouTube. Every picture linking to a video (smaller, one frame previews of the videos, as seen on the front page) gives me a red X. (Internet Explorer BTW)

And GoogleMaps... No matter what level I zoom to, even all the way out, I still get "We are sorry. We don't have maps for this zoom level at this region. Try zooming out for a broader view." I can still get my directions as text on the left side of the screen, and it even overlays the route in purple over the grey zoom error message.

CONTINUE READING IF YOU WANT, JUST SOME BACKGROUND INFO... LONG AND BORING

Here's how I got this virus/hijack/whatever...

I just started working in Downtown Dallas, moved here too. I had worked for the company before, purchasing, setting up and networking personal computer systems for employee use. So upon returning, of course they asked me to look at one of their "problem computers."

I took a look at it, McAfee kept popping up a dialog box warning about detecting a virus "VUNDO" which I've had and defeated personally before. But not this time, no Admin privileges or Admin password and no bootup disk would work.

They had it hardwired AND wireless (usb) at the same time! For no reason at all.

Using my laptop to try and fix the problem, my laptop defaulted to the strongest signal... A computer to computer connection called "FREE PUBLIC WIFI" or something like that (the name has since changed to a standard format "pcollins" or something.

And then BOTH computers were behaving the same.

THIS WAS MY FIRST DAY LIVING OVER HERE.

They've since just reformatted that other computer and now I'm stuck with a buggy laptop and a Cingular AirCard and my cable/internet doesn't arrive for another week.


PLEASE HELP!

(sorry for the longwinded thread)
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!

I'll try and help you but what is it you are trying to fix?
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
I listed the problems.
I think they are all related. They started the same time the Google Hijack started.

  • Whenever I do a search in Google, my first result is always for Credit-Land.com, followed by other Credit Card sites, some Viagra ads and so on.
  • EDIT: Whenever I use quotes to narrow my search in Google, it reformats my submission. Ex: Searching for "Google" turns into "/Google/"
  • If I type "Google" into the search field, Google.com is my first result, but the title of the page is something like "Protect Your Porn Files"
  • Yahoo search doesn't work at all. I get a 999 error from their site when I submit my search.
  • Another problem I've seen is on YouTube. Every picture linking to a video (smaller, one frame previews of the videos, as seen on the front page) gives me a red X. (Internet Explorer BTW)
  • And GoogleMaps... No matter what level I zoom to, even all the way out, I still get "We are sorry. We don't have maps for this zoom level at this region. Try zooming out for a broader view." I can still get my directions as text on the left side of the screen, and it even overlays the route in purple over the grey zoom error message.
I know it was a long post, sorry. That's why I put the bold disclaimer that said "Continue reading" everything above that was the problem.
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
HijackThis:
[ CODE ]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:45 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 7953 bytes
[/CODE]

[ SIZE="5" ]ComboFix:[/SIZE]

[ CODE ]"scotty" - 2007-07-10 21:35:53 - ComboFix 07-07-10.1 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\klmbsveg.dll
C:\WINDOWS\system32\owtqpgad.dll
C:\WINDOWS\system32\rvoeamdw.dll
C:\WINDOWS\system32\usscmuus.dll
C:\WINDOWS\system32\ywxaidjq.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{002D7~1
C:\Program Files\Common Files\{002D7~1\Update.exe~
C:\Program Files\Common Files\{002D7~2
C:\Program Files\Common Files\{002D7~2\Update.exe
C:\Program Files\Common Files\{302D7~1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CLIENT_IP-IPX
-------\Client IP-IPX


((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


2007-07-10 21:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 19:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-06-26 16:56 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Bytemobile
2007-06-24 16:56 <DIR> d-------- C:\Program Files\Soldier of Fortune II - Double Helix
2007-06-24 00:15 <DIR> d-------- C:\DOCUME~1\scotty\APPLIC~1\U3
2007-06-23 16:44 17,176 --------- C:\WINDOWS\hpomdl04.dat
2007-06-23 16:44 103,509 --a------ C:\WINDOWS\hpoins04.dat
2007-06-23 15:33 <DIR> d-------- C:\temp\HP_WebRelease
2007-06-23 15:33 <DIR> d-------- C:\temp
2007-06-23 15:01 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
2007-06-23 15:01 <DIR> d-------- C:\Program Files\Readiris Pro 10
2007-06-21 20:18 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-21 20:18 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-21 20:18 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-21 20:18 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-21 20:18 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-06-21 20:18 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-21 20:18 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-21 20:18 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-21 20:18 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-21 20:18 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-21 20:17 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-06-20 01:37 <DIR> d-------- C:\Program Files\GLtron
2007-06-19 02:53 <DIR> d-------- C:\PC Diagnostic.temp
2007-06-19 02:13 <DIR> d-------- C:\Program Files\QuickTime
2007-06-19 01:05 <DIR> d-------- C:\Utilities.temp
2007-06-19 01:00 <DIR> d-------- C:\Common.temp
2007-06-19 00:59 53,248 --a------ C:\WINDOWS\system32\InsSecRc.scr
2007-06-19 00:59 53,248 --a------ C:\WINDOWS\system32\InsSec.scr
2007-06-19 00:59 49,152 --a------ C:\WINDOWS\system32\BrigthDL.dll
2007-06-19 00:59 40,960 --a------ C:\WINDOWS\system32\Thkemrun.exe
2007-06-19 00:59 32,768 --a------ C:\WINDOWS\system32\TWarnMsg.exe
2007-06-19 00:59 258,048 --a------ C:\WINDOWS\system32\00THotkey.exe
2007-06-19 00:59 24,576 --a------ C:\WINDOWS\system32\Tsci.dll
2007-06-19 00:59 24,576 --a------ C:\WINDOWS\system32\Thci.dll
2007-06-19 00:59 24,576 --a------ C:\WINDOWS\system32\000StTHK.exe
2007-06-19 00:50 49,152 --a------ C:\WINDOWS\system32\TosBthSupport.dll
2007-06-17 21:04 <DIR> d-------- C:\Program Files\Stunt Playground
2007-06-17 02:20 <DIR> d-------- C:\Program Files\Plasma Pong
2007-06-16 18:36 <DIR> d-------- C:\Program Files\Call of Duty
2007-06-12 19:00 <DIR> d-------- C:\DOCUME~1\scotty\APPLIC~1\dvdcss
2007-06-12 18:53 <DIR> d-------- C:\DOCUME~1\scotty\APPLIC~1\Sonic
2007-06-11 13:05 <DIR> d-------- C:\Program Files\Common Files\element5 Shared
2007-06-11 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
2007-06-11 13:03 <DIR> d-------- C:\Program Files\WireFusion 4.0


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 00:14:46 -------- d-----w C:\Program Files\GemMaster
2007-07-11 00:13:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-11 00:11:55 -------- d-----w C:\Program Files\WildTangent
2007-07-02 19:04:26 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\uTorrent
2007-07-01 10:41:56 -------- d-----w C:\Program Files\utorrent
2007-06-30 10:52:02 -------- d-----w C:\Program Files\Last.fm
2007-06-24 20:45:31 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-23 20:35:17 -------- d-----w C:\Program Files\HP
2007-06-19 07:12:43 -------- d-----w C:\Program Files\Apple Software Update
2007-06-19 05:59:10 -------- d-----w C:\Program Files\TOSHIBA
2007-06-13 00:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-13 00:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-12 23:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-06-11 23:39:19 -------- d-----w C:\Program Files\Quake III Arena
2007-06-09 10:16:52 -------- d-----w C:\Program Files\Enigma Software Group
2007-06-05 18:56:18 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\Lavasoft
2007-06-05 18:55:12 -------- d-----w C:\Program Files\Lavasoft
2007-06-05 18:54:23 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-04 22:34:01 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\fretsonfire
2007-06-04 04:04:21 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-06-04 02:50:17 -------- d-----w C:\Program Files\PogoSticker
2007-06-01 01:44:44 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\vlc
2007-05-31 22:53:02 -------- d-----w C:\Program Files\VideoLAN
2007-05-28 22:04:15 -------- d-----w C:\Program Files\Ricochet Xtreme
2007-05-28 22:01:16 -------- d-----w C:\Program Files\ReflexiveArcade
2007-05-28 19:02:48 -------- d-----w C:\Program Files\Truck Dismount
2007-05-28 18:59:45 -------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
2007-05-28 18:36:02 -------- d-----w C:\Program Files\Pistachio Productions
2007-05-23 00:30:13 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-05-22 23:03:22 0 ----a-r C:\logwmemory.bin
2007-05-17 20:27:31 -------- d-----w C:\Program Files\Common Files\DirectX
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 17:54:01 -------- d-----w C:\Program Files\MegaSpoof
2007-05-11 09:59:43 -------- d-----w C:\Program Files\Scorched3D
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 08:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAA629-9945-4C5D-AC00-7F392D3DF4F1}]
C:\WINDOWS\system32\rmbaucas.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B5FDFEF-EB8B-45C5-9351-253DFAF48F33}]
C:\WINDOWS\system32\rmbaucas.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE}]
C:\WINDOWS\system32\vtsqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2005-10-06 08:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 03:34]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 03:32]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 15:25]
"TPSMain"="TPSMain.exe" [2005-06-01 00:00 C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 17:02]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-03-11 18:03 C:\WINDOWS\system32\TDispVol.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 19:13]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsqp]
urqrsqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^donna^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\donna\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^scotty^Start Menu^Programs^Startup^Rainmeter.lnk]
path=C:\Documents and Settings\scotty\Start Menu\Programs\Startup\Rainmeter.lnk
backup=C:\WINDOWS\pss\Rainmeter.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\dlfbjitk.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cingular Communication Manager]
C:\Program Files\Cingular\Communication Manager\CingularCCM.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\DLACTRLW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S16F.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\fxpkctlx.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j0271531]
rundll32 C:\WINDOWS\system32\j0271531.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j1261039]
rundll32 C:\WINDOWS\system32\j1261039.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
"C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintServer Diagnostic]
C:\Program Files\Print Server\PTP\PSDiagnostic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
C:\Program Files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\sajnkjxg.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]
rundll32.exe "C:\WINDOWS\system32\hmlfiavy.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TAPPSRV"=2 (0x2)
"Swupdtmr"=2 (0x2)
"ose"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"aspnet_state"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Client IP-IPX"=2 (0x2)
"Bonjour Service"=2 (0x2)
"bmwebcfg"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-06-19 23:15:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-11-21 23:42:03 C:\WINDOWS\tasks\Registration reminder 1.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 21:41:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 21:43:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-10 21:43

--- E O F ---
[/CODE]

[ CODE ]
C:\ComboFix-quarantined-files.txt

2007-04-13 23:57 125460 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\klmbsveg.dll.vir
2007-04-27 02:05 15360 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\{002D7~1\Update.exe~.vir
2007-04-27 12:12 15360 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\{002D7~2\Update.exe.vir
2007-05-12 00:02 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ywxaidjq.dll.vir
2007-05-25 00:37 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\usscmuus.dll.vir
2007-05-25 16:39 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rvoeamdw.dll.vir
2007-06-04 11:23 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\owtqpgad.dll.vir
2007-07-10 21:39 2850 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Client IP-IPX.reg.cf
2007-07-10 21:39 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CLIENT_IP-IPX.reg.cf


Folder PATH listing for volume SQ004126P01
Volume serial number is 002D-7F93
C:\QOOBOX
\---Quarantine
+---C
| +---Program Files
| | \---Common Files
| | +---{002D7~1
| | | Update.exe~.vir
| | |
| | \---{002D7~2
| | Update.exe.vir
| |
| \---WINDOWS
| \---system32
| klmbsveg.dll.vir
| owtqpgad.dll.vir
| rvoeamdw.dll.vir
| usscmuus.dll.vir
| ywxaidjq.dll.vir
|
\---Registry_backups
LEGACY_CLIENT_IP-IPX.reg.cf
services_Client IP-IPX.reg.cf


[/CODE]
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.



Run HJT again and put a check in the following:

O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)

Close all applications and browser windows before you click "fix checked".


Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .

CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.

  • Double-click the Network Connections icon
  • Right-click the Local Area Connection icon and select Properties.
  • Hilight Internet Protocol (TCP/IP) and click the Properties button.
  • Be sure Obtain DNS server address automatically is selected.
  • OK your way out.


Go to Start > Run and type in cmd
  • Click OK.
  • This will open a command prompt.
  • Type the following line in the command window:

    ipconfig /flushdns

  • Hit Enter
  • Exit the command window


Now restart your machine. Post the report.txt and a new Hijackthis log.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
thank you SO much. ill try that out when i get back in town... for now im gonna TRY and print them here at my old house... vista and wireless printing. this is gonna be fun!
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
good news! got BOTH vista laptops to cooperate and print wirelessly... i just hope they dont ask me to set up for scanning too. :D

but bad news as well, two errors from the fixit batch file...

===1>Title: C:\windows\system32\swreg.exe
-----1>Content: C:\windows\system32\swreg.exe is not a valid win32 application.

===2>Title: Not Admin!!
-----2>Content: You need Administrative privileges to run this tool

1: replacing swreg in the system folder with the swreg that came with the fixwareout, only gives me this error: C:\fixwareout\findt\dumphive.exe files missing...

2: all my user accounts have admin privileges. even my administrator account!

Safe Mode: Nothing.

I gotta wait till i get off and ill burn a boot disc. See if that'll work.

EDIT: you gotta love motorola... putting a mini usb port on the side of their slvr phone... mobile/flash drive... hahah
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
swreg.exe is a trusted tool used in may forum fixes, created by Bobbi Flekman. I would not worry about it.

As for the Admin privileges I can only refer you to the Vista forum. I've heard there are problems but not being a Vista user I can't offer you any assistance with that.
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
my personal laptop (the one were trying to fix) is XP mce.

those other two vista laptops are my parents'.

fixit will not run!

when i try to run it, i get the black cmd.exe window that says "continue at your own risk... press any key to continue..."

then that first error i quoted pops up. then the second one.
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
as soon as i get a brief moment, i will re-scan and re-post the log.

FYI, since i couldn't complete the first step, I did not skip it and continue with your instructions. (So the HJT Log will probably be the same)
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
Heres the fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:24 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\WgaTray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 7830 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)

Close all applications and browser windows before you click "fix checked".


Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .

CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.

  • Double-click the Network Connections icon
  • Right-click the Local Area Connection icon and select Properties.
  • Hilight Internet Protocol (TCP/IP) and click the Properties button.
  • Be sure Obtain DNS server address automatically is selected.
  • OK your way out.


Go to Start > Run and type in cmd
  • Click OK.
  • This will open a command prompt.
  • Type the following line in the command window:

    ipconfig /flushdns

  • Hit Enter
  • Exit the command window


Now restart your machine. Post a new Hijackthis log.
 

sb76117

Thread Starter
Joined
Jul 11, 2007
Messages
15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:38 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 6614 bytes




since i connect wirelessly, i made sure auto dns was enabled on my wireless connection as well.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top