1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Malware/Adware Trojans, What to do?

Discussion in 'Virus & Other Malware Removal' started by bbkings, Feb 6, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. bbkings

    bbkings Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    5
    Hello all,
    I'm running Windows XP and thought I was safe from all this spyware and stuff. I had a complete fully updated Norton installed and was sure that viruses and trojans couldn't get through it. Boy was I wrong and I have been regretting it now for a week. I give up!
    Help me PLEASE!!!!!
    OK....you need to know everything right?
    Last week all was well. I don't know if it was a coincidence or what, but I got an automatic windows update as usual. I clicked all the necessary buttons not thinking that it was also installing the IE7 (that I didn't want).
    When it was through I deleted the IE7 (like I had to do once before, you would think I'd have learned).
    That morning the adware pop ups started. Since then I have scanned and deleted so much my head is spinning. I'm told to get rid of the Norton, and I do becuse it obviously didn't do me any good anyway. It was suggested that I download AntiVir PE Classic and Spybot, so I did to no avail. I also dowloaded NoAdWare. I paid over $60.00 for it for both of our computers and to b able install it any time. That didn't work either.
    I even ran scans, did a search on everything the scans found and deleted everything that showed up. I thought I had it licked I ran fine all day yesterday, only to get hammered agin last night.
    The trojans that seem to be showig up are TR/SPY.VBStat.B.1 and TR/Virtumod. I have also seen TR/Agent.ACL.1, but not for a few days.
    I have run the Norton fix Monde and fix Vundo. Sometimes it finds something and says it's fixed. Other times it doesn't find anything.
    The people at No AdWare asked me to download their diagnostic.exe and send them a log. I did so and deleted just what they said to. The trojans are still here and I'm still getting the ads.
    I'm also getting free ringtone pop ups and the winfixer pop ups.
    I just plain don't know what else to do other than loose everything I have and delete everything to start from scratch again, or take it to the shop and loose it for ??? long.
    Thanks for your help.
    Love,
    Barb
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. bbkings

    bbkings Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    5
    Logfile of HijackThis v1.99.1
    Scan saved at 1:33:49 PM, on 2/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Winferno\Secure IE\SIEPulse.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\Program Files\Desktop Alert\desktopalert_415799.exe
    C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_415799.exe
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: www.123greetings.com
    O15 - Trusted Zone: thegoldengoddess.50megs.com
    O15 - Trusted Zone: 7.62x54r.net
    O15 - Trusted Zone: www.poultryparadise.8m.net
    O15 - Trusted Zone: familyinternet.about.com
    O15 - Trusted Zone: quilting.about.com
    O15 - Trusted Zone: www.accuracyspeaks.com
    O15 - Trusted Zone: www.accuratepowder.com
    O15 - Trusted Zone: www.aep.com
    O15 - Trusted Zone: www.aimsurplus.com
    O15 - Trusted Zone: www.ak47.net
    O15 - Trusted Zone: www.alabamaforestowners.com
    O15 - Trusted Zone: www.alibris.com
    O15 - Trusted Zone: www.all-surnames.com
    O15 - Trusted Zone: www.amatobooks.com
    O15 - Trusted Zone: www.ambackforum.com
    O15 - Trusted Zone: www.ammunitionstore.com
    O15 - Trusted Zone: awt.ancestry.com
    O15 - Trusted Zone: www.ancestry.com
    O15 - Trusted Zone: www.angelfire.com
    O15 - Trusted Zone: www.annecollins.com
    O15 - Trusted Zone: www.ar15.com
    O15 - Trusted Zone: *.archives.gov
    O15 - Trusted Zone: www.armalite.com
    O15 - Trusted Zone: *.army.mil
    O15 - Trusted Zone: www.arringtonaccuracy.com
    O15 - Trusted Zone: www.arsenalinc.com
    O15 - Trusted Zone: chooseart.artselect.com
    O15 - Trusted Zone: *.atf.gov
    O15 - Trusted Zone: home.att.net
    O15 - Trusted Zone: www.auctionarms.com
    O15 - Trusted Zone: www.avsia.com
    O15 - Trusted Zone: members.aye.net
    O15 - Trusted Zone: www.basspro-shops.com
    O15 - Trusted Zone: www.bayonet.net
    O15 - Trusted Zone: www.bbkingssales.com
    O15 - Trusted Zone: www.bearandrews.com
    O15 - Trusted Zone: *.beargoldeneagle.net
    O15 - Trusted Zone: www.benchrest.com
    O15 - Trusted Zone: www.biggerhammer.net
    O15 - Trusted Zone: www.straitsflyfishingoutfitters.bigstep.com
    O15 - Trusted Zone: www.bjonessights.com
    O15 - Trusted Zone: www.blackpowderbags.com
    O15 - Trusted Zone: www.blackpowderjournal.com
    O15 - Trusted Zone: *.blm.gov
    O15 - Trusted Zone: www.bloomingbulb.com
    O15 - Trusted Zone: www.blueheronmercantile.com
    O15 - Trusted Zone: www.bluemountain.com
    O15 - Trusted Zone: members.boardhost.com
    O15 - Trusted Zone: www.bobandtom.com
    O15 - Trusted Zone: www.botanical.com
    O15 - Trusted Zone: www.bowhunting.net
    O15 - Trusted Zone: www.bowhuntinglinks.com
    O15 - Trusted Zone: www.bowsite.com
    O15 - Trusted Zone: www.boydboys.com
    O15 - Trusted Zone: masterpostemple.bravepages.com
    O15 - Trusted Zone: www.bright.net
    O15 - Trusted Zone: www.brownells.com
    O15 - Trusted Zone: www.browning.com
    O15 - Trusted Zone: www.browntool.com
    O15 - Trusted Zone: *.buckeyeflyfishers.com
    O15 - Trusted Zone: www.bushmaster.com
    O15 - Trusted Zone: *.buymilsurp.com
    O15 - Trusted Zone: www.byronferguson.com
    O15 - Trusted Zone: www.cabelas.com
    O15 - Trusted Zone: www.cap-n-ball.com
    O15 - Trusted Zone: service.capitalone.com
    O15 - Trusted Zone: www.carbinesforcollectors.com
    O15 - Trusted Zone: www.caryonah.com
    O15 - Trusted Zone: www.catforum.com
    O15 - Trusted Zone: mixes.cdkitchen.com
    O15 - Trusted Zone: www.censusdiggins.com
    O15 - Trusted Zone: www.centerfiresystems.com
    O15 - Trusted Zone: www.centuryarms.com
    O15 - Trusted Zone: www.cetmerifles.com
    O15 - Trusted Zone: www.championshooters.com
    O15 - Trusted Zone: www.charlesdaly.com
    O15 - Trusted Zone: www.chestnutridge.com
    O15 - Trusted Zone: *.chrony.ca
    O15 - Trusted Zone: *.clarku.edu
    O15 - Trusted Zone: *.classicarms.us
    O15 - Trusted Zone: www.clearcreektradingco.com
    O15 - Trusted Zone: www.clermontclerk.org
    O15 - Trusted Zone: www.clipart.com
    O15 - Trusted Zone: *.co.yu
    O15 - Trusted Zone: www.coledistributing.com
    O15 - Trusted Zone: www.colonialhorn.com
    O15 - Trusted Zone: *.com.au
    O15 - Trusted Zone: www.corbon.com
    O15 - Trusted Zone: *.crafterscommunity.com
    O15 - Trusted Zone: www.craftsetc.com
    O15 - Trusted Zone: www.creedmoorsports.com
    O15 - Trusted Zone: www.cyberdriveillinois.com
    O15 - Trusted Zone: www.cybersniper.com
    O15 - Trusted Zone: www.dansammo.com
    O15 - Trusted Zone: www.daveross.com
    O15 - Trusted Zone: *.davesgarden.com
    O15 - Trusted Zone: support.dell.com
    O15 - Trusted Zone: www.dell.com
    O15 - Trusted Zone: www.dellauction.com
    O15 - Trusted Zone: www.deweyrods.com
    O15 - Trusted Zone: *.dillonprecision.com
    O15 - Trusted Zone: www.discovercard.com
    O15 - Trusted Zone: www.dixiegunworks.com
    O15 - Trusted Zone: www.dpmsinc.com
    O15 - Trusted Zone: www.dragunov.net
    O15 - Trusted Zone: www.dsarms.com
    O15 - Trusted Zone: www.duckhunter.net
    O15 - Trusted Zone: www.eabco.com
    O15 - Trusted Zone: cgi6.ebay.com
    O15 - Trusted Zone: www.eders.com
    O15 - Trusted Zone: www.eggboxes.com
    O15 - Trusted Zone: www.ehomestore.net
    O15 - Trusted Zone: www.elca.org
    O15 - Trusted Zone: www.ellisonsmilitaryrifles.com
    O15 - Trusted Zone: www.emeraldhealth.com
    O15 - Trusted Zone: www.empirearms.com
    O15 - Trusted Zone: www.entreprise.com
    O15 - Trusted Zone: p077.ezboard.com
    O15 - Trusted Zone: pub12.ezboard.com
    O15 - Trusted Zone: pub163.ezboard.com
    O15 - Trusted Zone: pub208.ezboard.com
    O15 - Trusted Zone: pub36.ezboard.com
    O15 - Trusted Zone: pub48.ezboard.com
    O15 - Trusted Zone: pub86.ezboard.com
    O15 - Trusted Zone: pub99.ezboard.com
    O15 - Trusted Zone: www.ezboard.com
    O15 - Trusted Zone: www.fajen.com
    O15 - Trusted Zone: www.falfiles.com
    O15 - Trusted Zone: www.familysearch.org
    O15 - Trusted Zone: *.fbi.gov
    O15 - Trusted Zone: *.ferrisbarracks.com
    O15 - Trusted Zone: www.findagrave.com
    O15 - Trusted Zone: www.first-financialbankhb.com
    O15 - Trusted Zone: www.flintlocks.com
    O15 - Trusted Zone: www.flyfishtv.com
    O15 - Trusted Zone: www.flyshop.com
    O15 - Trusted Zone: *.fmg.ac
    O15 - Trusted Zone: www.forsterproducts.com
    O15 - Trusted Zone: www.foxridgeoutfitters.com
    O15 - Trusted Zone: www.freedomoptics.com
    O15 - Trusted Zone: *.frontierfolk.org
    O15 - Trusted Zone: www.fsdiscountarchery.com
    O15 - Trusted Zone: www.fulton-armory.com
    O15 - Trusted Zone: www.gardeningclub.com
    O15 - Trusted Zone: familytreemaker.genealogy.com
    O15 - Trusted Zone: genforum.genealogy.com
    O15 - Trusted Zone: www.geocities.com
    O15 - Trusted Zone: www.georgiaprecision.com
    O15 - Trusted Zone: www.germansales.com
    O15 - Trusted Zone: www.gibbsrifle.com
    O15 - Trusted Zone: www.gibrass.com
    O15 - Trusted Zone: www.gifs.net
    O15 - Trusted Zone: www.gigabuys.com
    O15 - Trusted Zone: www.globaltrades.com
    O15 - Trusted Zone: www.globelmilitarysurplus.com
    O15 - Trusted Zone: www.goldenagearmscompany.com
    O15 - Trusted Zone: www.grafs.com
    O15 - Trusted Zone: *.greeting-cards.com
    O15 - Trusted Zone: www.grizzly.com
    O15 - Trusted Zone: www.gunaccessories.com
    O15 - Trusted Zone: www.gunboards.com
    O15 - Trusted Zone: www.gunbroker.com
    O15 - Trusted Zone: www.gunpartscorp.com
    O15 - Trusted Zone: *.guns.ru
    O15 - Trusted Zone: www.gunsamerica.com
    O15 - Trusted Zone: www.gunshow.net
    O15 - Trusted Zone: www.gunsnammo.com
    O15 - Trusted Zone: www.gunsnet.net
    O15 - Trusted Zone: www.gunstocksplus.com
    O15 - Trusted Zone: www.harborfreight.com
    O15 - Trusted Zone: www.highcountryoutdoors.net
    O15 - Trusted Zone: www.historicaltrekking.com
    O15 - Trusted Zone: home.hiwaay.net
    O15 - Trusted Zone: www.hornady.com
    O15 - Trusted Zone: www.huntersview.com
    O15 - Trusted Zone: web2.iadfw.net
    O15 - Trusted Zone: www.impactguns.com
    O15 - Trusted Zone: *.in.us
    O15 - Trusted Zone: www.inrangec2.com
    O15 - Trusted Zone: www.interment.net
    O15 - Trusted Zone: www.interordnance.com
    O15 - Trusted Zone: *.iron-elite.com
    O15 - Trusted Zone: www.ishopmarine.com
    O15 - Trusted Zone: *.ithaca.edu
    O15 - Trusted Zone: fsc.izzitso.com
    O15 - Trusted Zone: *.jet.es
    O15 - Trusted Zone: www.jgsales.com
    O15 - Trusted Zone: www.jkcc.com
    O15 - Trusted Zone: www.joeken.com
    O15 - Trusted Zone: onlineclasses.joslin.org
    O15 - Trusted Zone: www.jouster.com
    O15 - Trusted Zone: www.jtdistributing.com
    O15 - Trusted Zone: www.k-varcorp.com
    O15 - Trusted Zone: www.kalinkaoptics.com
    O15 - Trusted Zone: www.kamala.com
    O15 - Trusted Zone: www.kebcollc.com
    O15 - Trusted Zone: www.kinseyarchery.com
    O15 - Trusted Zone: www.knology.net
    O15 - Trusted Zone: www.kriegerbarrels.com
    O15 - Trusted Zone: www.kustomkingarchery.com
    O15 - Trusted Zone: *.ky.gov
    O15 - Trusted Zone: www.lesott.com
    O15 - Trusted Zone: www.littleriveroutfitters.com
    O15 - Trusted Zone: www.lockstock.com
    O15 - Trusted Zone: www.logcabinshop.com
    O15 - Trusted Zone: *.longrifle.ws
    O15 - Trusted Zone: www.longrifles-pr.com
    O15 - Trusted Zone: www.lovebox.com
    O15 - Trusted Zone: www.lr-rpl.com
    O15 - Trusted Zone: *.lucas-family.org
    O15 - Trusted Zone: www.m-aparts.com
    O15 - Trusted Zone: www.m1-m1a-ar15.com
    O15 - Trusted Zone: www.m1garand.com
    O15 - Trusted Zone: www.madriveroutfitters.com
    O15 - Trusted Zone: www.mainepowderhouse.com
    O15 - Trusted Zone: *.makarov.com
    O15 - Trusted Zone: www.mausershooters.org
    O15 - Trusted Zone: www.mcmaster.com
    O15 - Trusted Zone: www.mcmurrayhatchery.com
    O15 - Trusted Zone: www.mctu.org
    O15 - Trusted Zone: woodlands.mead.com
    O15 - Trusted Zone: www.melborponsti.com
    O15 - Trusted Zone: www.midsouthshooterssupply.com
    O15 - Trusted Zone: www.midwayusa.com
    O15 - Trusted Zone: www.mikesshooters.com
    O15 - Trusted Zone: www.milparatours.com
    O15 - Trusted Zone: www.milsurpshooter.net
    O15 - Trusted Zone: *.mit.edu
    O15 - Trusted Zone: www.model1sales.com
    O15 - Trusted Zone: www.mosinnagant.net
    O15 - Trusted Zone: www.mthealthy.com
    O15 - Trusted Zone: www.muzzleloadermag.com
    O15 - Trusted Zone: www.muzzleloadingforum.com
    O15 - Trusted Zone: www.mycardmaker.com
    O15 - Trusted Zone: www.myoldrifles.com
    O15 - Trusted Zone: www.nickjr.com
    O15 - Trusted Zone: www.nmlra.org
    O15 - Trusted Zone: www.northerntool.com
    O15 - Trusted Zone: www.northridgeinc.com
    O15 - Trusted Zone: www.northstarwest.com
    O15 - Trusted Zone: www.nosler.com
    O15 - Trusted Zone: *.nps.gov
    O15 - Trusted Zone: www.nra.org
    O15 - Trusted Zone: www.nwta.com
    O15 - Trusted Zone: www.nwtrader.com
    O15 - Trusted Zone: *.octobercountry.com
    O15 - Trusted Zone: www.odcmp.com
    O15 - Trusted Zone: www.odotonline.org
    O15 - Trusted Zone: *.oh.us
    O15 - Trusted Zone: *.ohioccw.org
    O15 - Trusted Zone: www.ohiolottery.com
    O15 - Trusted Zone: www.ohioordnanceworks.com
    O15 - Trusted Zone: www.ohiorapidfire.com
    O15 - Trusted Zone: www.ohiosteelheaders.com
    O15 - Trusted Zone: www.okweber.com
    O15 - Trusted Zone: *.oldguns.net
    O15 - Trusted Zone: www.oldmercs.com
    O15 - Trusted Zone: www.olive-drab.com
    O15 - Trusted Zone: www.olyarms.com
    O15 - Trusted Zone: *.org.uk
    O15 - Trusted Zone: www.orientaltrading.com
    O15 - Trusted Zone: www.orvis.com
    O15 - Trusted Zone: www.p-a-distributing.com
    O15 - Trusted Zone: www.parkerheritage.com
    O15 - Trusted Zone: www.paypal.com
    O15 - Trusted Zone: pages.preferred.com
    O15 - Trusted Zone: www.pressurecooker-outlet.com
    O15 - Trusted Zone: ushunting.proboards19.com
    O15 - Trusted Zone: *.psu.edu
    O15 - Trusted Zone: www.r8web.com
    O15 - Trusted Zone: www.razorcaps.com
    O15 - Trusted Zone: www.rcbs.com
    O15 - Trusted Zone: realguide.real.com
    O15 - Trusted Zone: www.real.com
    O15 - Trusted Zone: www.redstararms.com
    O15 - Trusted Zone: *.reenacting.net
    O15 - Trusted Zone: new.register.com
    O15 - Trusted Zone: www.remington.com
    O15 - Trusted Zone: www.riflestock.com
    O15 - Trusted Zone: www.robertrtg.com
    O15 - Trusted Zone: www.rockriverarms.com
    O15 - Trusted Zone: helpdesk.rootsweb.com
    O15 - Trusted Zone: homepages.rootsweb.com
    O15 - Trusted Zone: resources.rootsweb.com
    O15 - Trusted Zone: wc.rootsweb.com
    O15 - Trusted Zone: worldconnect.rootsweb.com
    O15 - Trusted Zone: www.rootsweb.com
    O15 - Trusted Zone: *.royalist.info
    O15 - Trusted Zone: www.ruger-firearms.com
    O15 - Trusted Zone: www.samcoglobal.com
    O15 - Trusted Zone: www.savagearms.com
    O15 - Trusted Zone: www.savageparts.com
    O15 - Trusted Zone: www.scharch.com
    O15 - Trusted Zone: www.schwabplan.com
    O15 - Trusted Zone: www.scopemounts.com
    O15 - Trusted Zone: www.scoutscopes.com
    O15 - Trusted Zone: www.sears.com
    O15 - Trusted Zone: www.shooters.com
    O15 - Trusted Zone: www.sierrabullets.com
    O15 - Trusted Zone: www.sksboards.com
    O15 - Trusted Zone: www.smith-wesson.com
    O15 - Trusted Zone: www.smokiesstore.org
    O15 - Trusted Zone: www.snipercountry.com
    O15 - Trusted Zone: www.southernohiogun.com
    O15 - Trusted Zone: www.sparrowcreek.com
    O15 - Trusted Zone: www.sporterexpress.com
    O15 - Trusted Zone: www.sportsmansguide.com
    O15 - Trusted Zone: www.springfield-armory.com
    O15 - Trusted Zone: localbill.sprint.com
    O15 - Trusted Zone: www.sskindustries.com
    O15 - Trusted Zone: www.starlinebrass.com
    O15 - Trusted Zone: www.stickbow.com
    O15 - Trusted Zone: www.surplusrifle.com
    O15 - Trusted Zone: www.tapco.com
    O15 - Trusted Zone: www.tbotech.com
    O15 - Trusted Zone: www.tcarms.com
    O15 - Trusted Zone: www.televar.com
    O15 - Trusted Zone: www.tennesseeguns.com
    O15 - Trusted Zone: www.theguestbook.com
    O15 - Trusted Zone: *.thepeerage.com
    O15 - Trusted Zone: www.thirdreichdepot.com
    O15 - Trusted Zone: www.threeriversarchery.com
    O15 - Trusted Zone: www.tickbitesupply.com
    O15 - Trusted Zone: *.tn.us
    O15 - Trusted Zone: www.tngunparts.com
    O15 - Trusted Zone: www.trackerboats.com
    O15 - Trusted Zone: www.trackofthewolf.com
    O15 - Trusted Zone: www.tradbow.com
    O15 - Trusted Zone: www.traditionsfirearms.com
    O15 - Trusted Zone: *.treas.gov
    O15 - Trusted Zone: www.tumadmen.org
    O15 - Trusted Zone: www.ups.com
    O15 - Trusted Zone: *.usgs.gov
    O15 - Trusted Zone: ecap21.usps.com
    O15 - Trusted Zone: www.ustool.com
    O15 - Trusted Zone: *.utk.edu
    O15 - Trusted Zone: *.va.us
    O15 - Trusted Zone: www.volcano.net
    O15 - Trusted Zone: *.vsla.edu
    O15 - Trusted Zone: *.vt.edu
    O15 - Trusted Zone: www.walleyehunter.com
    O15 - Trusted Zone: www.websitetoolbox.com
    O15 - Trusted Zone: www.whiteoakhunting.com
    O15 - Trusted Zone: www.whitetailtrophy.com
    O15 - Trusted Zone: www.wideners.com
    O15 - Trusted Zone: www.wildfowl.net
    O15 - Trusted Zone: www.winchester.com
    O15 - Trusted Zone: www.winchesterguns.com
    O15 - Trusted Zone: *.worldroots.com
    O15 - Trusted Zone: www.worldvitalrecords.com
    O15 - Trusted Zone: *.worldwar2.ro
    O15 - Trusted Zone: www.yooperj.com
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134868432437
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
    =======================

    download http://www.mvps.org/winhelp2002/DelDomains.inf with I.E.

    Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

    Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.
    =======================

    Download Superantispyware

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  5. bbkings

    bbkings Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    5
    Logfile of HijackThis v1.99.1
    Scan saved at 2:05:24 PM, on 2/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Winferno\Secure IE\SIEPulse.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\Desktop Alert\desktopalert_415799.exe
    C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\omwwiqxi.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_415799.exe
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: www.123greetings.com
    O15 - Trusted Zone: thegoldengoddess.50megs.com
    O15 - Trusted Zone: 7.62x54r.net
    O15 - Trusted Zone: www.poultryparadise.8m.net
    O15 - Trusted Zone: familyinternet.about.com
    O15 - Trusted Zone: quilting.about.com
    O15 - Trusted Zone: www.accuracyspeaks.com
    O15 - Trusted Zone: www.accuratepowder.com
    O15 - Trusted Zone: www.aep.com
    O15 - Trusted Zone: www.aimsurplus.com
    O15 - Trusted Zone: www.ak47.net
    O15 - Trusted Zone: www.alabamaforestowners.com
    O15 - Trusted Zone: www.alibris.com
    O15 - Trusted Zone: www.all-surnames.com
    O15 - Trusted Zone: www.amatobooks.com
    O15 - Trusted Zone: www.ambackforum.com
    O15 - Trusted Zone: www.ammunitionstore.com
    O15 - Trusted Zone: awt.ancestry.com
    O15 - Trusted Zone: www.ancestry.com
    O15 - Trusted Zone: www.angelfire.com
    O15 - Trusted Zone: www.annecollins.com
    O15 - Trusted Zone: www.ar15.com
    O15 - Trusted Zone: *.archives.gov
    O15 - Trusted Zone: www.armalite.com
    O15 - Trusted Zone: *.army.mil
    O15 - Trusted Zone: www.arringtonaccuracy.com
    O15 - Trusted Zone: www.arsenalinc.com
    O15 - Trusted Zone: chooseart.artselect.com
    O15 - Trusted Zone: *.atf.gov
    O15 - Trusted Zone: home.att.net
    O15 - Trusted Zone: www.auctionarms.com
    O15 - Trusted Zone: www.avsia.com
    O15 - Trusted Zone: members.aye.net
    O15 - Trusted Zone: www.basspro-shops.com
    O15 - Trusted Zone: www.bayonet.net
    O15 - Trusted Zone: www.bbkingssales.com
    O15 - Trusted Zone: www.bearandrews.com
    O15 - Trusted Zone: *.beargoldeneagle.net
    O15 - Trusted Zone: www.benchrest.com
    O15 - Trusted Zone: www.biggerhammer.net
    O15 - Trusted Zone: www.straitsflyfishingoutfitters.bigstep.com
    O15 - Trusted Zone: www.bjonessights.com
    O15 - Trusted Zone: www.blackpowderbags.com
    O15 - Trusted Zone: www.blackpowderjournal.com
    O15 - Trusted Zone: *.blm.gov
    O15 - Trusted Zone: www.bloomingbulb.com
    O15 - Trusted Zone: www.blueheronmercantile.com
    O15 - Trusted Zone: www.bluemountain.com
    O15 - Trusted Zone: members.boardhost.com
    O15 - Trusted Zone: www.bobandtom.com
    O15 - Trusted Zone: www.botanical.com
    O15 - Trusted Zone: www.bowhunting.net
    O15 - Trusted Zone: www.bowhuntinglinks.com
    O15 - Trusted Zone: www.bowsite.com
    O15 - Trusted Zone: www.boydboys.com
    O15 - Trusted Zone: masterpostemple.bravepages.com
    O15 - Trusted Zone: www.bright.net
    O15 - Trusted Zone: www.brownells.com
    O15 - Trusted Zone: www.browning.com
    O15 - Trusted Zone: www.browntool.com
    O15 - Trusted Zone: *.buckeyeflyfishers.com
    O15 - Trusted Zone: www.bushmaster.com
    O15 - Trusted Zone: *.buymilsurp.com
    O15 - Trusted Zone: www.byronferguson.com
    O15 - Trusted Zone: www.cabelas.com
    O15 - Trusted Zone: www.cap-n-ball.com
    O15 - Trusted Zone: service.capitalone.com
    O15 - Trusted Zone: www.carbinesforcollectors.com
    O15 - Trusted Zone: www.caryonah.com
    O15 - Trusted Zone: www.catforum.com
    O15 - Trusted Zone: mixes.cdkitchen.com
    O15 - Trusted Zone: www.censusdiggins.com
    O15 - Trusted Zone: www.centerfiresystems.com
    O15 - Trusted Zone: www.centuryarms.com
    O15 - Trusted Zone: www.cetmerifles.com
    O15 - Trusted Zone: www.championshooters.com
    O15 - Trusted Zone: www.charlesdaly.com
    O15 - Trusted Zone: www.chestnutridge.com
    O15 - Trusted Zone: *.chrony.ca
    O15 - Trusted Zone: *.clarku.edu
    O15 - Trusted Zone: *.classicarms.us
    O15 - Trusted Zone: www.clearcreektradingco.com
    O15 - Trusted Zone: www.clermontclerk.org
    O15 - Trusted Zone: www.clipart.com
    O15 - Trusted Zone: *.co.yu
    O15 - Trusted Zone: www.coledistributing.com
    O15 - Trusted Zone: www.colonialhorn.com
    O15 - Trusted Zone: *.com.au
    O15 - Trusted Zone: www.corbon.com
    O15 - Trusted Zone: *.crafterscommunity.com
    O15 - Trusted Zone: www.craftsetc.com
    O15 - Trusted Zone: www.creedmoorsports.com
    O15 - Trusted Zone: www.cyberdriveillinois.com
    O15 - Trusted Zone: www.cybersniper.com
    O15 - Trusted Zone: www.dansammo.com
    O15 - Trusted Zone: www.daveross.com
    O15 - Trusted Zone: *.davesgarden.com
    O15 - Trusted Zone: support.dell.com
    O15 - Trusted Zone: www.dell.com
    O15 - Trusted Zone: www.dellauction.com
    O15 - Trusted Zone: www.deweyrods.com
    O15 - Trusted Zone: *.dillonprecision.com
    O15 - Trusted Zone: www.discovercard.com
    O15 - Trusted Zone: www.dixiegunworks.com
    O15 - Trusted Zone: www.dpmsinc.com
    O15 - Trusted Zone: www.dragunov.net
    O15 - Trusted Zone: www.dsarms.com
    O15 - Trusted Zone: www.duckhunter.net
    O15 - Trusted Zone: www.eabco.com
    O15 - Trusted Zone: cgi6.ebay.com
    O15 - Trusted Zone: www.eders.com
    O15 - Trusted Zone: www.eggboxes.com
    O15 - Trusted Zone: www.ehomestore.net
    O15 - Trusted Zone: www.elca.org
    O15 - Trusted Zone: www.ellisonsmilitaryrifles.com
    O15 - Trusted Zone: www.emeraldhealth.com
    O15 - Trusted Zone: www.empirearms.com
    O15 - Trusted Zone: www.entreprise.com
    O15 - Trusted Zone: p077.ezboard.com
    O15 - Trusted Zone: pub12.ezboard.com
    O15 - Trusted Zone: pub163.ezboard.com
    O15 - Trusted Zone: pub208.ezboard.com
    O15 - Trusted Zone: pub36.ezboard.com
    O15 - Trusted Zone: pub48.ezboard.com
    O15 - Trusted Zone: pub86.ezboard.com
    O15 - Trusted Zone: pub99.ezboard.com
    O15 - Trusted Zone: www.ezboard.com
    O15 - Trusted Zone: www.fajen.com
    O15 - Trusted Zone: www.falfiles.com
    O15 - Trusted Zone: www.familysearch.org
    O15 - Trusted Zone: *.fbi.gov
    O15 - Trusted Zone: *.ferrisbarracks.com
    O15 - Trusted Zone: www.findagrave.com
    O15 - Trusted Zone: www.first-financialbankhb.com
    O15 - Trusted Zone: www.flintlocks.com
    O15 - Trusted Zone: www.flyfishtv.com
    O15 - Trusted Zone: www.flyshop.com
    O15 - Trusted Zone: *.fmg.ac
    O15 - Trusted Zone: www.forsterproducts.com
    O15 - Trusted Zone: www.foxridgeoutfitters.com
    O15 - Trusted Zone: www.freedomoptics.com
    O15 - Trusted Zone: *.frontierfolk.org
    O15 - Trusted Zone: www.fsdiscountarchery.com
    O15 - Trusted Zone: www.fulton-armory.com
    O15 - Trusted Zone: www.gardeningclub.com
    O15 - Trusted Zone: familytreemaker.genealogy.com
    O15 - Trusted Zone: genforum.genealogy.com
    O15 - Trusted Zone: www.geocities.com
    O15 - Trusted Zone: www.georgiaprecision.com
    O15 - Trusted Zone: www.germansales.com
    O15 - Trusted Zone: www.gibbsrifle.com
    O15 - Trusted Zone: www.gibrass.com
    O15 - Trusted Zone: www.gifs.net
    O15 - Trusted Zone: www.gigabuys.com
    O15 - Trusted Zone: www.globaltrades.com
    O15 - Trusted Zone: www.globelmilitarysurplus.com
    O15 - Trusted Zone: www.goldenagearmscompany.com
    O15 - Trusted Zone: www.grafs.com
    O15 - Trusted Zone: *.greeting-cards.com
    O15 - Trusted Zone: www.grizzly.com
    O15 - Trusted Zone: www.gunaccessories.com
    O15 - Trusted Zone: www.gunboards.com
    O15 - Trusted Zone: www.gunbroker.com
    O15 - Trusted Zone: www.gunpartscorp.com
    O15 - Trusted Zone: *.guns.ru
    O15 - Trusted Zone: www.gunsamerica.com
    O15 - Trusted Zone: www.gunshow.net
    O15 - Trusted Zone: www.gunsnammo.com
    O15 - Trusted Zone: www.gunsnet.net
    O15 - Trusted Zone: www.gunstocksplus.com
    O15 - Trusted Zone: www.harborfreight.com
    O15 - Trusted Zone: www.highcountryoutdoors.net
    O15 - Trusted Zone: www.historicaltrekking.com
    O15 - Trusted Zone: home.hiwaay.net
    O15 - Trusted Zone: www.hornady.com
    O15 - Trusted Zone: www.huntersview.com
    O15 - Trusted Zone: web2.iadfw.net
    O15 - Trusted Zone: www.impactguns.com
    O15 - Trusted Zone: *.in.us
    O15 - Trusted Zone: www.inrangec2.com
    O15 - Trusted Zone: www.interment.net
    O15 - Trusted Zone: www.interordnance.com
    O15 - Trusted Zone: *.iron-elite.com
    O15 - Trusted Zone: www.ishopmarine.com
    O15 - Trusted Zone: *.ithaca.edu
    O15 - Trusted Zone: fsc.izzitso.com
    O15 - Trusted Zone: *.jet.es
    O15 - Trusted Zone: www.jgsales.com
    O15 - Trusted Zone: www.jkcc.com
    O15 - Trusted Zone: www.joeken.com
    O15 - Trusted Zone: onlineclasses.joslin.org
    O15 - Trusted Zone: www.jouster.com
    O15 - Trusted Zone: www.jtdistributing.com
    O15 - Trusted Zone: www.k-varcorp.com
    O15 - Trusted Zone: www.kalinkaoptics.com
    O15 - Trusted Zone: www.kamala.com
    O15 - Trusted Zone: www.kebcollc.com
    O15 - Trusted Zone: www.kinseyarchery.com
    O15 - Trusted Zone: www.knology.net
    O15 - Trusted Zone: www.kriegerbarrels.com
    O15 - Trusted Zone: www.kustomkingarchery.com
    O15 - Trusted Zone: *.ky.gov
    O15 - Trusted Zone: www.lesott.com
    O15 - Trusted Zone: www.littleriveroutfitters.com
    O15 - Trusted Zone: www.lockstock.com
    O15 - Trusted Zone: www.logcabinshop.com
    O15 - Trusted Zone: *.longrifle.ws
    O15 - Trusted Zone: www.longrifles-pr.com
    O15 - Trusted Zone: www.lovebox.com
    O15 - Trusted Zone: www.lr-rpl.com
    O15 - Trusted Zone: *.lucas-family.org
    O15 - Trusted Zone: www.m-aparts.com
    O15 - Trusted Zone: www.m1-m1a-ar15.com
    O15 - Trusted Zone: www.m1garand.com
    O15 - Trusted Zone: www.madriveroutfitters.com
    O15 - Trusted Zone: www.mainepowderhouse.com
    O15 - Trusted Zone: *.makarov.com
    O15 - Trusted Zone: www.mausershooters.org
    O15 - Trusted Zone: www.mcmaster.com
    O15 - Trusted Zone: www.mcmurrayhatchery.com
    O15 - Trusted Zone: www.mctu.org
    O15 - Trusted Zone: woodlands.mead.com
    O15 - Trusted Zone: www.melborponsti.com
    O15 - Trusted Zone: www.midsouthshooterssupply.com
    O15 - Trusted Zone: www.midwayusa.com
    O15 - Trusted Zone: www.mikesshooters.com
    O15 - Trusted Zone: www.milparatours.com
    O15 - Trusted Zone: www.milsurpshooter.net
    O15 - Trusted Zone: *.mit.edu
    O15 - Trusted Zone: www.model1sales.com
    O15 - Trusted Zone: www.mosinnagant.net
    O15 - Trusted Zone: www.mthealthy.com
    O15 - Trusted Zone: www.muzzleloadermag.com
    O15 - Trusted Zone: www.muzzleloadingforum.com
    O15 - Trusted Zone: www.mycardmaker.com
    O15 - Trusted Zone: www.myoldrifles.com
    O15 - Trusted Zone: www.nickjr.com
    O15 - Trusted Zone: www.nmlra.org
    O15 - Trusted Zone: www.northerntool.com
    O15 - Trusted Zone: www.northridgeinc.com
    O15 - Trusted Zone: www.northstarwest.com
    O15 - Trusted Zone: www.nosler.com
    O15 - Trusted Zone: *.nps.gov
    O15 - Trusted Zone: www.nra.org
    O15 - Trusted Zone: www.nwta.com
    O15 - Trusted Zone: www.nwtrader.com
    O15 - Trusted Zone: *.octobercountry.com
    O15 - Trusted Zone: www.odcmp.com
    O15 - Trusted Zone: www.odotonline.org
    O15 - Trusted Zone: *.oh.us
    O15 - Trusted Zone: *.ohioccw.org
    O15 - Trusted Zone: www.ohiolottery.com
    O15 - Trusted Zone: www.ohioordnanceworks.com
    O15 - Trusted Zone: www.ohiorapidfire.com
    O15 - Trusted Zone: www.ohiosteelheaders.com
    O15 - Trusted Zone: www.okweber.com
    O15 - Trusted Zone: *.oldguns.net
    O15 - Trusted Zone: www.oldmercs.com
    O15 - Trusted Zone: www.olive-drab.com
    O15 - Trusted Zone: www.olyarms.com
    O15 - Trusted Zone: *.org.uk
    O15 - Trusted Zone: www.orientaltrading.com
    O15 - Trusted Zone: www.orvis.com
    O15 - Trusted Zone: www.p-a-distributing.com
    O15 - Trusted Zone: www.parkerheritage.com
    O15 - Trusted Zone: www.paypal.com
    O15 - Trusted Zone: pages.preferred.com
    O15 - Trusted Zone: www.pressurecooker-outlet.com
    O15 - Trusted Zone: ushunting.proboards19.com
    O15 - Trusted Zone: *.psu.edu
    O15 - Trusted Zone: www.r8web.com
    O15 - Trusted Zone: www.razorcaps.com
    O15 - Trusted Zone: www.rcbs.com
    O15 - Trusted Zone: realguide.real.com
    O15 - Trusted Zone: www.real.com
    O15 - Trusted Zone: www.redstararms.com
    O15 - Trusted Zone: *.reenacting.net
    O15 - Trusted Zone: new.register.com
    O15 - Trusted Zone: www.remington.com
    O15 - Trusted Zone: www.riflestock.com
    O15 - Trusted Zone: www.robertrtg.com
    O15 - Trusted Zone: www.rockriverarms.com
    O15 - Trusted Zone: helpdesk.rootsweb.com
    O15 - Trusted Zone: homepages.rootsweb.com
    O15 - Trusted Zone: resources.rootsweb.com
    O15 - Trusted Zone: wc.rootsweb.com
    O15 - Trusted Zone: worldconnect.rootsweb.com
    O15 - Trusted Zone: www.rootsweb.com
    O15 - Trusted Zone: *.royalist.info
    O15 - Trusted Zone: www.ruger-firearms.com
    O15 - Trusted Zone: www.samcoglobal.com
    O15 - Trusted Zone: www.savagearms.com
    O15 - Trusted Zone: www.savageparts.com
    O15 - Trusted Zone: www.scharch.com
    O15 - Trusted Zone: www.schwabplan.com
    O15 - Trusted Zone: www.scopemounts.com
    O15 - Trusted Zone: www.scoutscopes.com
    O15 - Trusted Zone: www.sears.com
    O15 - Trusted Zone: www.shooters.com
    O15 - Trusted Zone: www.sierrabullets.com
    O15 - Trusted Zone: www.sksboards.com
    O15 - Trusted Zone: www.smith-wesson.com
    O15 - Trusted Zone: www.smokiesstore.org
    O15 - Trusted Zone: www.snipercountry.com
    O15 - Trusted Zone: www.southernohiogun.com
    O15 - Trusted Zone: www.sparrowcreek.com
    O15 - Trusted Zone: www.sporterexpress.com
    O15 - Trusted Zone: www.sportsmansguide.com
    O15 - Trusted Zone: www.springfield-armory.com
    O15 - Trusted Zone: localbill.sprint.com
    O15 - Trusted Zone: www.sskindustries.com
    O15 - Trusted Zone: www.starlinebrass.com
    O15 - Trusted Zone: www.stickbow.com
    O15 - Trusted Zone: www.surplusrifle.com
    O15 - Trusted Zone: www.tapco.com
    O15 - Trusted Zone: www.tbotech.com
    O15 - Trusted Zone: www.tcarms.com
    O15 - Trusted Zone: www.televar.com
    O15 - Trusted Zone: www.tennesseeguns.com
    O15 - Trusted Zone: www.theguestbook.com
    O15 - Trusted Zone: *.thepeerage.com
    O15 - Trusted Zone: www.thirdreichdepot.com
    O15 - Trusted Zone: www.threeriversarchery.com
    O15 - Trusted Zone: www.tickbitesupply.com
    O15 - Trusted Zone: *.tn.us
    O15 - Trusted Zone: www.tngunparts.com
    O15 - Trusted Zone: www.trackerboats.com
    O15 - Trusted Zone: www.trackofthewolf.com
    O15 - Trusted Zone: www.tradbow.com
    O15 - Trusted Zone: www.traditionsfirearms.com
    O15 - Trusted Zone: *.treas.gov
    O15 - Trusted Zone: www.tumadmen.org
    O15 - Trusted Zone: www.ups.com
    O15 - Trusted Zone: *.usgs.gov
    O15 - Trusted Zone: ecap21.usps.com
    O15 - Trusted Zone: www.ustool.com
    O15 - Trusted Zone: *.utk.edu
    O15 - Trusted Zone: *.va.us
    O15 - Trusted Zone: www.volcano.net
    O15 - Trusted Zone: *.vsla.edu
    O15 - Trusted Zone: *.vt.edu
    O15 - Trusted Zone: www.walleyehunter.com
    O15 - Trusted Zone: www.websitetoolbox.com
    O15 - Trusted Zone: www.whiteoakhunting.com
    O15 - Trusted Zone: www.whitetailtrophy.com
    O15 - Trusted Zone: www.wideners.com
    O15 - Trusted Zone: www.wildfowl.net
    O15 - Trusted Zone: www.winchester.com
    O15 - Trusted Zone: www.winchesterguns.com
    O15 - Trusted Zone: *.worldroots.com
    O15 - Trusted Zone: www.worldvitalrecords.com
    O15 - Trusted Zone: *.worldwar2.ro
    O15 - Trusted Zone: www.yooperj.com
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134868432437
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

    and


    VundoFix V6.3.5

    Checking Java version...

    Scan started at 1:53:32 PM 2/6/2007

    Listing files found while scanning....

    C:\WINDOWS\Speech\ewbrdv.dll
    C:\WINDOWS\Speech\vdrbwe.bak1
    C:\WINDOWS\Speech\vdrbwe.bak2
    C:\WINDOWS\Speech\vdrbwe.ini
    C:\WINDOWS\system32\omwwiqxi.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\Speech\ewbrdv.dll
    C:\WINDOWS\Speech\ewbrdv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\Speech\vdrbwe.bak1
    C:\WINDOWS\Speech\vdrbwe.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\Speech\vdrbwe.bak2
    C:\WINDOWS\Speech\vdrbwe.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\Speech\vdrbwe.ini
    C:\WINDOWS\Speech\vdrbwe.ini Has been deleted!

    Performing Repairs to the registry.
    Done!


    Thanks,
    Barb
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do the next 2 items and then post a new hijack log
     
  7. bbkings

    bbkings Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    5
    Sorry it took so long. We are in the middle of big freeze and snow right now and about 2/3 of the way through the power went out.
    I hope this is all what you need?


    SUPERAntiSpyware Scan Log
    Generated 02/06/2007 at 03:52 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3178
    Trace Rules Database Version: 1188

    Scan type : Complete Scan
    Total Scan Time : 00:54:06

    Memory items scanned : 416
    Memory threats detected : 0
    Registry items scanned : 5454
    Registry threats detected : 3
    File items scanned : 73010
    File threats detected : 35

    Adware.Tracking Cookie
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][3].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][2].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt
    C:\Documents and Settings\Barbara King\cookies\[email protected][1].txt

    Adware.Vundo Variant
    HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}
    HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32
    HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32#ThreadingModel

    Adware.VSToolbar
    C:\Program Files\VSAdd-in

    Trojan.Downloader-PATDUM
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001096.DLL
    C:\VUNDOFIX BACKUPS\EWBRDV.DLL.BAD


    Logfile of HijackThis v1.99.1
    Scan saved at 3:58:34 PM, on 2/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Winferno\Secure IE\SIEPulse.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
    C:\WINDOWS\system32\Sysocmgr.exe
    C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\Desktop Alert\desktopalert_415799.exe
    C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SIE2004] "C:\Program Files\Winferno\Secure IE\SIEPulse.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_415799.exe
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
    O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134868432437
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix this

    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    Symantec Core LC

    Rightclick and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.
    =================
    Clean [​IMG]
    If you feel its is fixed mark it solved via Thread Tools above

    Turn off restore points, boot, turn them back on – here’s how

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
     
  9. bbkings

    bbkings Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    5
    All done and so far so good! I'm sure that I'll be able to let you know by tomorrow for sure that it worked.

    I can't thank you enough!

    I still have a couple of questions.
    1- How did I get this? email? website? What's safe and what's not? (except of course attachments in emails, I know)
    2- How do I protect myself in the future? or do I just risk it and come back here if and when it hapepns again?
    3- Now that I have all these virus things and scans downloaded, do I keep them all? If not, what do I get rid of?
    I have the ones you recommended, Windows Defender, No AdWare, Spybot and AntiVir Personal Classic. Is it safe to keep them all, or is it overkill?
    Again thanks for your time.
    Love,
    Barb
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541760

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice