
Solved: Google Hijack, YouTube Preview Pics Gone and No Maps in GoogleMaps!

Discussion in 'Virus & Other Malware Removal' started by sb76117, Jul 13, 2007.

  1. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    New to the site, I found this site through my work computer using Google. Found this thread (http://forums.techguy.org/security/579993-my-google-screwed-up.html) and it seems the user "Five-More-Years" is having the same problem as me. But he has yet to post his HijackThis Log File.

    Nothing I have installed senses a Virus, Spyware, or Adware.
    I used PCCillin and AdAware.

    Whenever I do a search in Google, my first result is always for Credit-Land.com, followed by other Credit Card sites, some Viagra ads and so on.

    EDIT: Whenever I use quotes to narrow my search in Google, it reformats my submission. Ex: Searching for "Google" turns into "/Google/"

    If I type "Google" into the search field, Google.com is my first result, but the title of the page is something like "Protect Your Porn Files"

    Yahoo search doesn't work at all. I get a 999 error from their site when I submit my search.

    Another problem I've seen is on YouTube. Every picture linking to a video (smaller, one frame previews of the videos, as seen on the front page) gives me a red X. (Internet Explorer BTW)

    And GoogleMaps... No matter what level I zoom to, even all the way out, I still get "We are sorry. We don't have maps for this zoom level at this region. Try zooming out for a broader view." I can still get my directions as text on the left side of the screen, and it even overlays the route in purple over the grey zoom error message.

    CONTINUE READING IF YOU WANT, JUST SOME BACKGROUND INFO... LONG AND BORING

    Here's how I got this virus/hijack/whatever...

    I just started working in Downtown Dallas, moved here too. I had worked for the company before, purchasing, setting up and networking personal computer systems for employee use. So upon returning, of course they asked me to look at one of their "problem computers."

    I took a look at it. McAfee kept popping up a dialog box warning about detecting a virus, "VUNDO", which I've had and defeated personally before. But not this time: no Admin privileges or Admin password, and no bootup disk would work.

    They had it hardwired AND wireless (usb) at the same time! For no reason at all.

    Using my laptop to try and fix the problem, my laptop defaulted to the strongest signal... A computer-to-computer connection called "FREE PUBLIC WIFI" or something like that (the name has since changed to a standard format, "pcollins" or something).

    And then BOTH computers were behaving the same.

    THIS WAS MY FIRST DAY LIVING OVER HERE.

    They've since just reformatted that other computer and now I'm stuck with a buggy laptop and a Cingular AirCard and my cable/internet doesn't arrive for another week.


    PLEASE HELP!

    (sorry for the long-winded thread)
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    I'll try and help you but what is it you are trying to fix?
     
  3. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    I listed the problems.
    I think they are all related. They started the same time the Google Hijack started.

    • Whenever I do a search in Google, my first result is always for Credit-Land.com, followed by other Credit Card sites, some Viagra ads and so on.
    • EDIT: Whenever I use quotes to narrow my search in Google, it reformats my submission. Ex: Searching for "Google" turns into "/Google/"
    • If I type "Google" into the search field, Google.com is my first result, but the title of the page is something like "Protect Your Porn Files"
    • Yahoo search doesn't work at all. I get a 999 error from their site when I submit my search.
    • Another problem I've seen is on YouTube. Every picture linking to a video (smaller, one frame previews of the videos, as seen on the front page) gives me a red X. (Internet Explorer BTW)
    • And GoogleMaps... No matter what level I zoom to, even all the way out, I still get "We are sorry. We don't have maps for this zoom level at this region. Try zooming out for a broader view." I can still get my directions as text on the left side of the screen, and it even overlays the route in purple over the grey zoom error message.
    I know it was a long post, sorry. That's why I put the bold disclaimer that said "Continue reading"; everything above that was the problem.
     
  4. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    HijackThis:
    [CODE]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:31:45 PM, on 7/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
    O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    --
    End of file - 7953 bytes
    [/CODE]

    ComboFix:

    [CODE]
    "scotty" - 2007-07-10 21:35:53 - ComboFix 07-07-10.1 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\klmbsveg.dll
    C:\WINDOWS\system32\owtqpgad.dll
    C:\WINDOWS\system32\rvoeamdw.dll
    C:\WINDOWS\system32\usscmuus.dll
    C:\WINDOWS\system32\ywxaidjq.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\{002D7~1
    C:\Program Files\Common Files\{002D7~1\Update.exe~
    C:\Program Files\Common Files\{002D7~2
    C:\Program Files\Common Files\{002D7~2\Update.exe
    C:\Program Files\Common Files\{302D7~1


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CLIENT_IP-IPX
    -------\Client IP-IPX


    ((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


    2007-07-10 21:35 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-10 19:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-06-26 16:56 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Bytemobile
    2007-06-24 16:56 <DIR> d-------- C:\Program Files\Soldier of Fortune II - Double Helix
    2007-06-24 00:15 <DIR> d-------- C:\DOCUME~1\scotty\APPLIC~1\U3
    2007-06-23 16:44 17,176 --------- C:\WINDOWS\hpomdl04.dat
    2007-06-23 16:44 103,509 --a------ C:\WINDOWS\hpoins04.dat
    2007-06-23 15:33 <DIR> d-------- C:\temp\HP_WebRelease
    2007-06-23 15:33 <DIR> d-------- C:\temp
    2007-06-23 15:01 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
    2007-06-23 15:01 <DIR> d-------- C:\Program Files\Readiris Pro 10
    2007-06-21 20:18 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2007-06-21 20:18 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-06-21 20:18 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
    2007-06-21 20:18 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2007-06-21 20:18 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
    2007-06-21 20:18 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2007-06-21 20:18 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2007-06-21 20:18 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2007-06-21 20:18 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2007-06-21 20:18 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2007-06-21 20:17 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
    2007-06-20 01:37 <DIR> d-------- C:\Program Files\GLtron
    2007-06-19 02:53 <DIR> d-------- C:\PC Diagnostic.temp
    2007-06-19 02:13 <DIR> d-------- C:\Program Files\QuickTime
    2007-06-19 01:05 <DIR> d-------- C:\Utilities.temp
    2007-06-19 01:00 <DIR> d-------- C:\Common.temp
    2007-06-19 00:59 53,248 --a------ C:\WINDOWS\system32\InsSecRc.scr
    2007-06-19 00:59 53,248 --a------ C:\WINDOWS\system32\InsSec.scr
    2007-06-19 00:59 49,152 --a------ C:\WINDOWS\system32\BrigthDL.dll
    2007-06-19 00:59 40,960 --a------ C:\WINDOWS\system32\Thkemrun.exe
    2007-06-19 00:59 32,768 --a------ C:\WINDOWS\system32\TWarnMsg.exe
    2007-06-19 00:59 258,048 --a------ C:\WINDOWS\system32\00THotkey.exe
    2007-06-19 00:59 24,576 --a------ C:\WINDOWS\system32\Tsci.dll
    2007-06-19 00:59 24,576 --a------ C:\WINDOWS\system32\Thci.dll
    2007-06-19 00:59 24,576 --a------ C:\WINDOWS\system32\000StTHK.exe
    2007-06-19 00:50 49,152 --a------ C:\WINDOWS\system32\TosBthSupport.dll
    2007-06-17 21:04 <DIR> d-------- C:\Program Files\Stunt Playground
    2007-06-17 02:20 <DIR> d-------- C:\Program Files\Plasma Pong
    2007-06-16 18:36 <DIR> d-------- C:\Program Files\Call of Duty
    2007-06-12 19:00 <DIR> d-------- C:\DOCUME~1\scotty\APPLIC~1\dvdcss
    2007-06-12 18:53 <DIR> d-------- C:\DOCUME~1\scotty\APPLIC~1\Sonic
    2007-06-11 13:05 <DIR> d-------- C:\Program Files\Common Files\element5 Shared
    2007-06-11 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\element5
    2007-06-11 13:03 <DIR> d-------- C:\Program Files\WireFusion 4.0


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-11 00:14:46 -------- d-----w C:\Program Files\GemMaster
    2007-07-11 00:13:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-11 00:11:55 -------- d-----w C:\Program Files\WildTangent
    2007-07-02 19:04:26 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\uTorrent
    2007-07-01 10:41:56 -------- d-----w C:\Program Files\utorrent
    2007-06-30 10:52:02 -------- d-----w C:\Program Files\Last.fm
    2007-06-24 20:45:31 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-23 20:35:17 -------- d-----w C:\Program Files\HP
    2007-06-19 07:12:43 -------- d-----w C:\Program Files\Apple Software Update
    2007-06-19 05:59:10 -------- d-----w C:\Program Files\TOSHIBA
    2007-06-13 00:00:54 203,024 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
    2007-06-13 00:00:50 36,112 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
    2007-06-12 23:52:00 1,126,328 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
    2007-06-11 23:39:19 -------- d-----w C:\Program Files\Quake III Arena
    2007-06-09 10:16:52 -------- d-----w C:\Program Files\Enigma Software Group
    2007-06-05 18:56:18 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\Lavasoft
    2007-06-05 18:55:12 -------- d-----w C:\Program Files\Lavasoft
    2007-06-05 18:54:23 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-04 22:34:01 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\fretsonfire
    2007-06-04 04:04:21 4,096 ----a-w C:\WINDOWS\d3dx.dat
    2007-06-04 02:50:17 -------- d-----w C:\Program Files\PogoSticker
    2007-06-01 01:44:44 -------- d-----w C:\DOCUME~1\scotty\APPLIC~1\vlc
    2007-05-31 22:53:02 -------- d-----w C:\Program Files\VideoLAN
    2007-05-28 22:04:15 -------- d-----w C:\Program Files\Ricochet Xtreme
    2007-05-28 22:01:16 -------- d-----w C:\Program Files\ReflexiveArcade
    2007-05-28 19:02:48 -------- d-----w C:\Program Files\Truck Dismount
    2007-05-28 18:59:45 -------- d-----w C:\Program Files\Porrasturvat - Stair Dismount
    2007-05-28 18:36:02 -------- d-----w C:\Program Files\Pistachio Productions
    2007-05-23 00:30:13 724,992 ----a-w C:\WINDOWS\iun6002.exe
    2007-05-22 23:03:22 0 ----a-r C:\logwmemory.bin
    2007-05-17 20:27:31 -------- d-----w C:\Program Files\Common Files\DirectX
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-13 17:54:01 -------- d-----w C:\Program Files\MegaSpoof
    2007-05-11 09:59:43 -------- d-----w C:\Program Files\Scorched3D
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 08:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAA629-9945-4C5D-AC00-7F392D3DF4F1}]
    C:\WINDOWS\system32\rmbaucas.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B5FDFEF-EB8B-45C5-9351-253DFAF48F33}]
    C:\WINDOWS\system32\rmbaucas.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE}]
    C:\WINDOWS\system32\vtsqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2005-10-06 08:20 110652 --a------ C:\WINDOWS\System32\DLA\DLASHX_W.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 03:34]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 03:32]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 15:25]
    "TPSMain"="TPSMain.exe" [2005-06-01 00:00 C:\WINDOWS\system32\TPSMain.exe]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 17:02]
    "TFncKy"="TFncKy.exe" []
    "TDispVol"="TDispVol.exe" [2005-03-11 18:03 C:\WINDOWS\system32\TDispVol.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 19:13]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:44]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrsqp]
    urqrsqp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
    backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^donna^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
    path=C:\Documents and Settings\donna\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
    backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^scotty^Start Menu^Programs^Startup^Rainmeter.lnk]
    path=C:\Documents and Settings\scotty\Start Menu\Programs\Startup\Rainmeter.lnk
    backup=C:\WINDOWS\pss\Rainmeter.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
    rundll32.exe "C:\WINDOWS\system32\dlfbjitk.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cingular Communication Manager]
    C:\Program Files\Cingular\Communication Manager\CingularCCM.exe -a

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\DLACTRLW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S16F.tmp" /EF "HKLM"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
    rundll32.exe "C:\WINDOWS\system32\fxpkctlx.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j0271531]
    rundll32 C:\WINDOWS\system32\j0271531.dll sook

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j1261039]
    rundll32 C:\WINDOWS\system32\j1261039.dll sook

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
    C:\Program Files\ltmoh\Ltmoh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
    NDSTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
    "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
    c:\toshiba\ivp\ism\pinger.exe /run

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintServer Diagnostic]
    C:\Program Files\Print Server\PTP\PSDiagnostic.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
    C:\Program Files\Rainlendar2\Rainlendar2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    rundll32.exe "C:\WINDOWS\system32\sajnkjxg.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]
    rundll32.exe "C:\WINDOWS\system32\hmlfiavy.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "TAPPSRV"=2 (0x2)
    "Swupdtmr"=2 (0x2)
    "ose"=3 (0x3)
    "mcupdmgr.exe"=3 (0x3)
    "McTskshd.exe"=2 (0x2)
    "McShield"=2 (0x2)
    "McDetect.exe"=2 (0x2)
    "aspnet_state"=3 (0x3)
    "AOL TopSpeedMonitor"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "S24EventMonitor"=2 (0x2)
    "RegSrvc"=2 (0x2)
    "iPod Service"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Client IP-IPX"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "bmwebcfg"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    2007-06-19 23:15:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2006-11-21 23:42:03 C:\WINDOWS\tasks\Registration reminder 1.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-10 21:41:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-10 21:43:50 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-10 21:43

    --- E O F ---
    [/CODE]

    [ CODE ]
    C:\ComboFix-quarantined-files.txt

    2007-04-13 23:57 125460 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\klmbsveg.dll.vir
    2007-04-27 02:05 15360 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\{002D7~1\Update.exe~.vir
    2007-04-27 12:12 15360 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\{002D7~2\Update.exe.vir
    2007-05-12 00:02 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ywxaidjq.dll.vir
    2007-05-25 00:37 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\usscmuus.dll.vir
    2007-05-25 16:39 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rvoeamdw.dll.vir
    2007-06-04 11:23 49204 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\owtqpgad.dll.vir
    2007-07-10 21:39 2850 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Client IP-IPX.reg.cf
    2007-07-10 21:39 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CLIENT_IP-IPX.reg.cf


    Folder PATH listing for volume SQ004126P01
    Volume serial number is 002D-7F93
    C:\QOOBOX
    \---Quarantine
    +---C
    | +---Program Files
    | | \---Common Files
    | | +---{002D7~1
    | | | Update.exe~.vir
    | | |
    | | \---{002D7~2
    | | Update.exe.vir
    | |
    | \---WINDOWS
    | \---system32
    | klmbsveg.dll.vir
    | owtqpgad.dll.vir
    | rvoeamdw.dll.vir
    | usscmuus.dll.vir
    | ywxaidjq.dll.vir
    |
    \---Registry_backups
    LEGACY_CLIENT_IP-IPX.reg.cf
    services_Client IP-IPX.reg.cf


    [/CODE]
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts.
    You will be asked to reboot your computer; please do so.
    Your system may take longer than usual to load; this is normal.



    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
    O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Go to Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

    CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.

    • Double-click the Network Connections icon
    • Right-click the Local Area Connection icon and select Properties.
    • Highlight Internet Protocol (TCP/IP) and click the Properties button.
    • Be sure Obtain DNS server address automatically is selected.
    • OK your way out.


    Go to Start > Run and type in cmd
    • Click OK.
    • This will open a command prompt.
    • Type the following line in the command window:

      ipconfig /flushdns

    • Hit Enter
    • Exit the command window


    Now restart your machine. Post the report.txt and a new Hijackthis log.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
     
  6. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    thank you SO much. i'll try that out when i get back in town... for now i'm gonna TRY and print them here at my old house... vista and wireless printing. this is gonna be fun!
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115

    You think so?? :D

    OK I'll be waiting for your next replies!
     
  8. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    good news! got BOTH vista laptops to cooperate and print wirelessly... i just hope they don't ask me to set up for scanning too. :D

    but bad news as well, two errors from the fixit batch file...

    ===1>Title: C:\windows\system32\swreg.exe
    -----1>Content: C:\windows\system32\swreg.exe is not a valid win32 application.

    ===2>Title: Not Admin!!
    -----2>Content: You need Administrative privileges to run this tool

    1: replacing swreg in the system folder with the swreg that came with the fixwareout, only gives me this error: C:\fixwareout\findt\dumphive.exe files missing...

    2: all my user accounts have admin privileges. even my administrator account!

    Safe Mode: Nothing.

    I gotta wait till i get off and i'll burn a boot disc. See if that'll work.

    EDIT: you gotta love motorola... putting a mini usb port on the side of their slvr phone... mobile/flash drive... hahah
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    swreg.exe is a trusted tool used in many forum fixes, created by Bobbi Flekman. I would not worry about it.

    As for the Admin privileges I can only refer you to the Vista forum. I've heard there are problems but not being a Vista user I can't offer you any assistance with that.
     
  10. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    my personal laptop (the one we're trying to fix) is XP mce.

    those other two vista laptops are my parents'.

    fixit will not run!

    when i try to run it, i get the black cmd.exe window that says "continue at your own risk... press any key to continue..."

    then that first error i quoted pops up. then the second one.
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post your hijackthis log again.
     
  12. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    as soon as i get a brief moment, i will re-scan and re-post the log.

    FYI, since i couldn't complete the first step, I did not skip it and continue with your instructions. (So the HJT Log will probably be the same)
     
  13. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    Here's the fresh HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:00:24 AM, on 7/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    C:\WINDOWS\system32\WgaTray.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
    O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    --
    End of file - 7830 bytes
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B5FDFEF-EB8B-45C5-9351-253DFAF48F33} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
    O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{27FA27AA-9C3A-483B-9565-81068CE8BDC5}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED9FD2F-3B61-460C-A70F-BF5AA6B80A6D}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C343FB9-5F09-4B97-9161-1B72C4D3DFA3}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B71602AA-C343-4417-9F0F-A3E8A6A53A30}: NameServer = 194.54.90.226
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F09E71-76DD-41CA-A8F4-735CCC771691}: NameServer = 194.54.90.226
    O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
    O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Go to Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

    CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.

    • Double-click the Network Connections icon
    • Right-click the Local Area Connection icon and select Properties.
    • Highlight Internet Protocol (TCP/IP) and click the Properties button.
    • Be sure Obtain DNS server address automatically is selected.
    • OK your way out.


    Go to Start > Run and type in cmd
    • Click OK.
    • This will open a command prompt.
    • Type the following line in the command window:

      ipconfig /flushdns

    • Hit Enter
    • Exit the command window


    Now restart your machine. Post a new Hijackthis log.
     
  15. sb76117

    sb76117 Thread Starter

    Joined:
    Jul 11, 2007
    Messages:
    15
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:38 PM, on 7/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

    --
    End of file - 6614 bytes




    since i connect wirelessly, i made sure auto dns was enabled on my wireless connection as well.
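
Added example (not part of the thread, and not code from HijackThis or any poster): a Python sketch that parses HijackThis log text, flags the two kinds of entry cybertech asked to fix (O17 static `NameServer` values and registrations marked "(file missing)"), and diffs the 7/18 and 7/19 logs to confirm they cleared. The function names and the `allowed_dns` parameter are assumptions; the sample lines are excerpted from the two logs above.

```python
import re

# A HijackThis entry line looks like "O17 - <body>" or "R1 - <body>".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s-\s(.+?)\s*$")
# O17 body: HKLM\System\<control set>\Services\Tcpip\..\{interface GUID}: NameServer = <ip list>
DNS_RE = re.compile(
    r"HKLM\\System\\(\w+)\\Services\\Tcpip\\\.\.\\(\{[^}]+\}): NameServer = (.+)$"
)
MISSING = "(file missing)"

# Excerpt of the 7/18/2007 log posted in the thread (before the fix).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAA629-9945-4C5D-AC00-7F392D3DF4F1} - C:\WINDOWS\system32\rmbaucas.dll (file missing)
O2 - BHO: (no name) - {4B9B5626-3FFC-4CE2-93A6-C345FC7DE4FE} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{203B85A6-36DF-48CA-BC7D-8E0F19B73BB4}: NameServer = 194.54.90.226
O20 - Winlogon Notify: urqrsqp - urqrsqp.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Excerpt of the 7/19/2007 log posted in the thread (after "fix checked").
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


def parse_log(text):
    """Return (section, body) pairs; process list and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def findings(entries, allowed_dns=frozenset()):
    """Flag static DNS servers not in allowed_dns and registrations whose file is gone."""
    out = []
    for section, body in entries:
        if section == "O17":
            m = DNS_RE.search(body)
            if not m:
                continue
            control_set, iface, servers = m.groups()
            # NameServer may hold several addresses separated by commas or spaces.
            for ip in re.split(r"[,\s]+", servers.strip()):
                if ip and ip not in allowed_dns:
                    out.append(("static-dns", control_set + " " + iface, ip))
        elif body.endswith(MISSING):
            # The last " - " field is the file the registry entry still points at.
            target = body[: -len(MISSING)].rstrip().rsplit(" - ", 1)[-1]
            out.append(("orphaned-" + section, target, ""))
    return out


def resolvers(text):
    """Distinct DNS servers hard-coded in the log's O17 entries."""
    return {f[2] for f in findings(parse_log(text)) if f[0] == "static-dns"}


def remediation_report(before_text, after_text, allowed_dns=frozenset()):
    """Compare findings in two logs: what was cleared, what remains, what is new."""
    before = set(findings(parse_log(before_text), allowed_dns))
    after = set(findings(parse_log(after_text), allowed_dns))
    return {
        "cleared": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    report = remediation_report(BEFORE, AFTER)
    for status, items in report.items():
        print(status.upper())
        for kind, target, value in items:
            print("  ", kind, target, value)
```

Pass the ISP's required resolvers in `allowed_dns` when a connection legitimately needs static DNS, as the CAUTION in the instructions notes.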
     

Short URL to this thread: https://techguy.org/595228
