Solved: Search Engine & Google Redirection problems...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

pmcintire

Thread Starter
Joined
Jan 12, 2006
Messages
25
Got something going on it's driving me mad. A couple of weeks ago, I ran into a problem with search engine redirection. Every time that I search for anything on Google specifically (I haven't checked the number of other engines) I see the Google results, then immediately get redirected to a PPC. I'm not sure if these PPC links are on the Google results or not. I can see in my status window that I'm getting thrown at a IP address that begins with 82, and end destination is a click.php file with what looks like a hash session ID. I originally got scared that my ISP's DNS servers had been violated, but this situation is only happening in IE, and not FireFox.

I would consider myself pretty tech literate. My HJT is clean, BHOs are clean, running processes look clean; everything looks legit.

About 10 days ago when I first ran into this problem, I found a file in system32 through seaching for files created or mod'd within the last 24 hours (the problem had just started) and found a zpmodem.sys file in there. Research on the net identified this as a bad file, and I removed it, and searched through the system.ini, win.ini and other configuration files but couldn't find anything calling to it at bootup. I checked all my running services to see if it snuck in there, and nothing. After reboot, the redirection stopped happening and I thought I was in the clear.

Today, it has started happening again. I can't find any files that show change in the last 24 hours, and zpmodem.sys is not present. I can't seem to find anything that's causing it.

Again-- this is only occurring in IE, not Firefox, so it's no issue with a hosts file, or external redirection. I don't visit porn sites, p2p sites, open up "free" screensavers in Outlook, or anything of the sort -- so how I got this is unclear, and why it's persisting is unclear.

But it's rendered IE pretty useless.

Anyone have any ideas? I'd really appreciate any help.
 

pmcintire

Thread Starter
Joined
Jan 12, 2006
Messages
25
Logfile of HijackThis v1.99.1
Scan saved at 6:04:05 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DynDNS-Updater\ddusrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Attensa\AttensaEngine.exe
C:\Program Files\[email protected]\boincmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\[email protected]\boinc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PluginBHO Class - {6C1178CD-2276-45FE-ACC1-02CDD2481F9D} - C:\Program Files\Attensa\AttensaIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Attensa for IE - {458E6614-0D24-415A-824A-130064AF7BF8} - C:\Program Files\Attensa\AttensaIEPlugin.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Attensa.lnk = C:\Program Files\Attensa\AttensaEngine.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\[email protected]\boincmgr.exe
O4 - Global Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Attensa - Add Feed - res://C:\Program Files\Attensa\AttensaIEPlugin.dll/ContextMenu.html
O8 - Extra context menu item: Attensa - Preview Feed - res://C:\Program Files\Attensa\AttensaIEPlugin.dll/ContextMenuPreview.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O15 - Trusted Zone: *.dotster.com
O15 - Trusted Zone: *.dslreports.com
O15 - Trusted Zone: *.mygotvmail.com
O15 - Trusted Zone: *.newegg.com
O15 - Trusted Zone: *.radioio.com
O15 - Trusted Zone: *.registerapi.com
O15 - Trusted Zone: *.searchplay.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125183359593
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3310362-E61C-4C6D-83DB-54A3CDB0E1D4}: NameServer = 192.168.0.25
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DynDNS-Updater (DDUService) - Nord-Vision Business Systeme GmbH - C:\Program Files\DynDNS-Updater\ddusrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
 
Joined
Sep 7, 2004
Messages
49,014
Did you knowingly install Attensa???? One of its CLSID's belongs to a malware entry

===============
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
 
Joined
Mar 7, 2005
Messages
406
In HJT Google should be google1 not google2. There is a virus that attacks the google toolbar. You may have to reinstall the toolbar.
 

pmcintire

Thread Starter
Joined
Jan 12, 2006
Messages
25
Yes, I knowingly installed Attensa. It's an RSS reader extension for Outlook. I did have some problems getting it from the manufacturer's website, so I downloaded from versiontracker. Could this have posed a problem? I'm surprised that anything Attensa related is matching malware CLSID...

Regarding Google1 vs Google2, I was under the impression that with the integration of Google Desktop, Google1 became Google2, in the case that the installation wasn't only for just the toolbar, but to allow local integration as well. Can you confirm this or otherwise?

In any case, I'll uninstall, clean out BHO and follow the other steps that MFD suggested.

Thanks for your help. I'll post other results as soon as I have them.
 
Joined
Mar 7, 2005
Messages
406
I don't have Google Desk Top, I just have the toolbar. Another good sign something is wrong with the Google Toolbar is when the search results are not what you are looking for. I have an article about it, but I don't have access to my computer at this time. I am using my daughters' computer.
 

pmcintire

Thread Starter
Joined
Jan 12, 2006
Messages
25
As of now, it doesn't look like I'm experiencing the same problem with Google search, however I'm unsure of what exactly it pulled out. I cleaned BHO's, cleaned in Safe Mode, etc. Here are the logs. See anything else I should question?

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:18:25 PM, 1/12/2006
+ Report-Checksum: 8EE7D850

+ Scan result:

[208] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[232] VM_00C70000 -> Downloader.Agent.uj : Error during cleaning
[836] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning
[1212] VM_003A0000 -> Downloader.Agent.uj : Error during cleaning
:mozilla.19:C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\gn3i8rg3.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Patrick\Application Data\Netscape\NSB\Profiles\7v1c0vvl.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Patrick\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Patrick\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Patrick\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\DynDNS-Updater\ddutray.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0F9A4EE3-2314-4342-9BCB-6A6086\E35DFEEB-05E6-4602-BD92-5DB440 -> Spyware.SBSoft : Cleaned with backup
C:\RECYCLER\S-1-5-21-1935655697-1214440339-725345543-1003\Dc151.exe -> Adware.SaveNow : Cleaned with backup

::Report End

I was concerned with DynDNS-Updater, ddutray.exe. I'm surprised that it found something in that. Surprisingly enough, it didn't find squat in the actual service file, only the configuration front end -- and that is a sanctioned, supported, recommended app from dyndns.com.

Logfile of HijackThis v1.99.1
Scan saved at 8:25:02 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DynDNS-Updater\ddusrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\[email protected]\boincmgr.exe
C:\Program Files\[email protected]\boinc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\[email protected]\boincmgr.exe
O4 - Global Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O15 - Trusted Zone: *.dotster.com
O15 - Trusted Zone: *.dslreports.com
O15 - Trusted Zone: *.mygotvmail.com
O15 - Trusted Zone: *.newegg.com
O15 - Trusted Zone: *.radioio.com
O15 - Trusted Zone: *.registerapi.com
O15 - Trusted Zone: *.searchplay.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3310362-E61C-4C6D-83DB-54A3CDB0E1D4}: NameServer = 192.168.0.25
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DynDNS-Updater (DDUService) - Nord-Vision Business Systeme GmbH - C:\Program Files\DynDNS-Updater\ddusrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Should I be concerned with how many instances of svchost I'm running?

Thanks for the help. As of now, Google is acting correctly, and response time has actually improved with browsing. I'll just have to reinstall some apps I ripped and see what happens.

Any other advice?
 

pmcintire

Thread Starter
Joined
Jan 12, 2006
Messages
25
Nope,

Still a problem. When navigating to Sun to reinstall Java, I was getting redirected to a internet stocks site profiling the sun tick symbol.. the redirects have some relevance, obviously. Very annoying.

Like I said in my original post, it's a random problem that doesn't show up everytime. Thought I was in the clear there for 10 mins..

Any other ideas?
 
Joined
Sep 7, 2004
Messages
49,014
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. )

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
 

pmcintire

Thread Starter
Joined
Jan 12, 2006
Messages
25
Things look clean so far... this also seemed to clean up some Explorer lock ups I was having (I would have to end expolorer, and restart a new instance in Task Mngr) and some issues I was having with deleting some folders that were empty but saying that "The directory is not empty."

Here are the logs:

Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\llimd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSSZL.EXE
C:\WINDOWS\SYSTEM32\DMILL.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

Logfile of HijackThis v1.99.1
Scan saved at 3:21:57 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\[email protected]\boincmgr.exe
C:\Program Files\[email protected]\boinc.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\UltraEdit-32\uedit32.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java 1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [dmhzy.exe] C:\WINDOWS\system32\dmhzy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java 1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\[email protected]\boincmgr.exe
O4 - Global Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java 1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java 1.5.0_06\bin\npjpi150_06.dll
O15 - Trusted Zone: *.dotster.com
O15 - Trusted Zone: *.dslreports.com
O15 - Trusted Zone: *.mygotvmail.com
O15 - Trusted Zone: *.newegg.com
O15 - Trusted Zone: *.radioio.com
O15 - Trusted Zone: *.registerapi.com
O15 - Trusted Zone: *.searchplay.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3310362-E61C-4C6D-83DB-54A3CDB0E1D4}: NameServer = 192.168.0.25
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


I noticed there is a listing for "dmhzy.exe" ... That was one that Microsoft Anti Spyware found upon reboot after running Fixwareout. It "blocked" it ... and I went in and removed it manually in safe mode.. but the entry to run it is still there. Odd.

Any comments?

Thanks.
 
Joined
Sep 7, 2004
Messages
49,014
It is possible that dmhzy.exe will have changed to some othe dxxxx entry – fix it if it has changed


Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k

O4 - HKLM\..\Run: [dmhzy.exe] C:\WINDOWS\system32\dmhzy.exe

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\CSSZL.EXE
C:\WINDOWS\SYSTEM32\DMILL.EXE
C:\WINDOWS\system32\dmhzy.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

pmcintire

Thread Starter
Joined
Jan 12, 2006
Messages
25
Things look like they're working smoothly. And I retract my previous statement about the Google 1 & 2. I reinstalled both Desktop, and Toolbar.. and it says 1. So, that was obviously a problem of some sort.

Here is the new HJT:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:16 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Attensa\AttensaEngine.exe
C:\Program Files\[email protected]\boincmgr.exe
C:\Program Files\[email protected]\boinc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java 1.5.0_06\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PluginBHO Class - {6C1178CD-2276-45FE-ACC1-02CDD2481F9D} - C:\Program Files\Attensa\AttensaIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java 1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Attensa for IE - {458E6614-0D24-415A-824A-130064AF7BF8} - C:\Program Files\Attensa\AttensaIEPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java 1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Attensa.lnk = C:\Program Files\Attensa\AttensaEngine.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\[email protected]\boincmgr.exe
O4 - Global Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Attensa - Add Feed - res://C:\Program Files\Attensa\AttensaIEPlugin.dll/ContextMenu.html
O8 - Extra context menu item: Attensa - Preview Feed - res://C:\Program Files\Attensa\AttensaIEPlugin.dll/ContextMenuPreview.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java 1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java 1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.dotster.com
O15 - Trusted Zone: *.dslreports.com
O15 - Trusted Zone: *.mygotvmail.com
O15 - Trusted Zone: *.newegg.com
O15 - Trusted Zone: *.radioio.com
O15 - Trusted Zone: *.registerapi.com
O15 - Trusted Zone: *.searchplay.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3310362-E61C-4C6D-83DB-54A3CDB0E1D4}: NameServer = 192.168.0.25
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Any further comments? Other than the fact that I have way too many processes running and I need to find a way to streamline my system.

Thanks
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top