1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Help with Internet Speed Monitor Pop Ups

Discussion in 'Virus & Other Malware Removal' started by progjake, Nov 9, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. progjake

    progjake Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    11
    I've been infected with whatever causes those anoying interneet speed monitor pop ups. When I would do a search on Google it would also give me that sidebar with additional links provided by internet speed monitor.

    I've done a little bit of research and made a couple of attempts at fixing on my own without any luck. Some sites said to simply remove from Add/Remove programs, or to locate a folder called ISM or ISM2 and delete it along with all of its contents. I cannot find any of these folders on my system, yet I am getting pop ups with "From Internet Speed Monitor" in the title bar. Sometimes they have adds in them and sometimes they are a blank window with only the text "unable to connect to server".

    I've run a full system scan with Symantec Antivirus, AdAware, and SUPERAntiSpywareProfessional (the free trial). Symantec and AdAware seemed to find a couple of things, but nothing related to Internet Speed Monitor. SUPERAntiSpyware found a file with ISM in the name so I thought I got it, but the pop ups are still coming.

    From observing other posts I saw that a log file from Hijackthis is needed to begin the troubleshooting process, so I downloaded and ran a log file. I then exited the Hijackthis program without letting it fix anything.

    I really appreciate any help that can be offered in getting this bug off of my system. Here is my log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:34:01 PM, on 11/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://webmailb.juno.com/webmail/new/7?&count=1163126064928
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

    Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [\\MAINPC\EPSON Stylus Photo R260 Series]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU

    "C:\DOCUME~1\Adam\LOCALS~1\Temp\E_S113.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Auto EPSON Stylus Photo R260 Series on MAINPC]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU

    "C:\WINDOWS\TEMP\E_S139.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

    Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

    - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

    - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: http://*.turbotax.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}:

    NameServer = 191.168.11.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}:

    NameServer = 191.168.11.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}:

    NameServer = 191.168.11.22
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

    Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

    Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. -

    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation

    - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation -

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec

    AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec

    AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

    Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8078 bytes


    Thanks in advance for any help that can be offered.

    progjake
     
  2. progjake

    progjake Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    11
  3. progjake

    progjake Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    11
  4. progjake

    progjake Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    11
    Help! . . . Bump
     
  5. progjake

    progjake Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    11
    Bump

    Still in need of help. I know this is a very busy place and I don't want to be a nuisance, but I have been waiting almost 1 week without a single response to my post while I watch other posts get replys as quick as same day.

    Any help at all would be greatly appreciated!
     
  6. progjake

    progjake Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    11
    HELP!!!


    I am still in need of help and its been over a week now without any responses.

    After reading other posts with Internet Speed Monitor problems I saw a common recommendation of running ComboFix, so I intalled and ran it on my computer. It stalled out the first time I ran it, so I ran it again. The postsed log from ComboFix looks like it included the results from the stalled session as well (the deleted files from previous run).

    Any help would be greatly appreciated!

    In the time I am typing this another Internet Speed Monitor add popped up, so I know its not completely fixed yet.

    Here is the ComboFix log followed by another Hijackthis log:


    ComboFix 07-11-08.1 - Adam 2007-11-17 12:42:02.2 - NTFSx86
    Running from: C:\Documents and Settings\Adam\Desktop\ComboFix.exe
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\kddmm.exe
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Adam\My Documents\SEMBLY~1
    C:\Documents and Settings\Adam\Start Menu\Programs\Internet Speed Monitor
    C:\Documents and Settings\Adam\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
    C:\Documents and Settings\Adam\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
    C:\Program Files\Common Files\racle~1
    C:\Program Files\QdrPack
    C:\Program Files\QdrPack\dicts.gz
    C:\Program Files\QdrPack\QdrPack9.exe
    C:\Program Files\QdrPack\trgts.gz
    C:\WINDOWS\asks~1

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
    .

    2007-11-17 11:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-15 19:11 54,272 --a------ C:\info.exe
    2007-11-09 19:31 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-08 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-08 19:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-08 19:59 <DIR> d-------- C:\Documents and Settings\Adam\Application Data\SUPERAntiSpyware.com
    2007-11-05 20:29 <DIR> d-------- C:\Program Files\QdrModule

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-17 19:01 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-11-13 02:29 --------- d-----w C:\Documents and Settings\Adam\Application Data\U3
    2007-11-09 01:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-09 00:16 --------- d-----w C:\Program Files\Rio
    2007-11-08 02:24 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-11-08 02:24 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
    2002-05-28 14:19 61,440 ----a-w C:\WINDOWS\INF\i386\onetUSD.dll
    2002-05-20 14:22 36,864 ----a-w C:\WINDOWS\INF\i386\Vizmicro.dll
    2002-05-20 14:20 172,032 ----a-w C:\WINDOWS\INF\i386\viceo.dll
    2002-05-20 14:02 225,280 ----a-w C:\WINDOWS\INF\i386\rtscan.dll
    2001-08-04 00:29 13,824 ----a-w C:\WINDOWS\INF\i386\Usbscan.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-28 19:26]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 18:23]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 08:35]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 09:27]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-13 17:34]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 06:46]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 11:30]
    "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" []
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
    "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 06:47]
    "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-06-20 13:06]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 19:59]
    "DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\\MAINPC\EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-19 03:00]
    "Auto EPSON Stylus Photo R260 Series on MAINPC"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-19 03:00]
    "QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 13:51]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
    "Wdse"="C:\PROGRA~1\COMMON~1\RACLE~1\notepad.exe" []
    "PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 15:16]
    "Mzevnhxs"="C:\WINDOWS\?asks\n?tepad.exe" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2005-05-11 11:37:33]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    R2 BASFND;BASFND;\??\C:\Program Files\Broadcom\BACS\BASFND.sys
    S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa52ce0-45a7-11da-95bd-000f1f15f315}]
    \Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-17 13:06:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\extrac32.dll 34408 bytes
    C:\WINDOWS\system32\nlsfunc.dll 63 bytes
    C:\WINDOWS\system32\osuninst.dll 67584 bytes executable
    C:\WINDOWS\system32\pxinsa64.dll 8173 bytes
    C:\WINDOWS\system32\cmutil.cpl 864 bytes
    C:\WINDOWS\system32\wupdmgr.dll 106496 bytes executable

    scan completed successfully
    hidden files: 6

    **************************************************************************

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\MAINPC\\EPSON Stylus Photo R260 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBNA.EXE /FU \"C:\\DOCUME~1\\Adam\\LOCALS~1\\Temp\\E_S113.tmp\" /EF \"HKCU\""
    .
    Completion time: 2007-11-17 13:13:20 - machine was rebooted
    .
    --- E O F ---

    Now the Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:17:52 PM, on 11/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmailb.juno.com/webmail/new/7?&count=1163126064928
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKCU\..\Run: [\\MAINPC\EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\DOCUME~1\Adam\LOCALS~1\Temp\E_S113.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Auto EPSON Stylus Photo R260 Series on MAINPC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S139.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Wdse] "C:\PROGRA~1\COMMON~1\RACLE~1\notepad.exe" -vt yazb
    O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - HKCU\..\Run: [Mzevnhxs] C:\WINDOWS\?asks\n?tepad.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.turbotax.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}: NameServer = 85.255.116.169,85.255.112.101
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B86A779-7401-4D0C-AAD4-8136E3E3E0A7}: NameServer = 85.255.116.169,85.255.112.101
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.169 85.255.112.101
    O17 - HKLM\System\CS1\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}: NameServer = 85.255.116.169,85.255.112.101
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.169 85.255.112.101
    O17 - HKLM\System\CS2\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}: NameServer = 85.255.116.169,85.255.112.101
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.169 85.255.112.101
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8803 bytes
     
  7. progjake

    progjake Thread Starter

    Joined:
    Nov 9, 2007
    Messages:
    11
    Bump

    Still waiting for some help; any help at all. I am bumping this since it seems to have dropped off the 25 pages of this message board.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Closing thread per poster request.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/649977

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice