
Solved: Virus, Spyware, Problems....I got them all...Help!!!

Discussion in 'Virus & Other Malware Removal' started by amogh_nayak, Jul 16, 2007.

  1. amogh_nayak

    amogh_nayak Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    Have a host of problems including pop-ups, Explorer crashing and what not (and Vundo!!)...Hoping to get some help..

    Below is my HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:27:23 PM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\UMCSTUB.EXE
    C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\SxpInst\sxplog32.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Fanso\fanso_user.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\amogh_n\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 172.25.214.227 blrkecruanrelws
    O1 - Hosts: 172.16.200.133 peiis
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22777971-3E23-4134-866B-AA4EA248C8B4} - C:\WINDOWS\system32\pmnon.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: (no name) - {6D486398-BEDA-4EE5-9418-4CFA0CFA0098} - C:\WINDOWS\system32\cbxxy.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\gebaxxv.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PmProxy] "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
    O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
    O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\UAM\Agents\amagent.exe
    O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Fanso SmartCard Tool] "C:\Program Files\Fanso\fanso_user.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
    O4 - HKLM\..\Run: [{ZN}] "C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe" CHD003
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.adxgate.net (HKLM)
    O15 - Trusted Zone: *.errorprotector.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.snipenet.net (HKLM)
    O15 - Trusted Zone: *.sxload.net (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O16 - DPF: Project Office 4.0 - http://peiis/ProjectOffice/POBin/cabs/poexpress.cab
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/downloa...wp_wa7p_us_en_ed1&lid=288&affid=pp_1136830114
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - AppInit_DLLs: RCEnumDD.dll
    O20 - Winlogon Notify: cbxxy - C:\WINDOWS\system32\cbxxy.dll (file missing)
    O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: pmnon - C:\WINDOWS\system32\pmnon.dll (file missing)
    O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
    O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NHService - Unknown owner - E:\NewHorizons\Components\bin\Shell.Utilities.Service.exe (file missing)
    O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
    O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Asset Management SW Meter Agent (SWMSVC) - Computer Associates International, Inc. - C:\Program Files\CA\UAM\Agents\SWMSvc.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shut down your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This can take a while!
     
  3. amogh_nayak

    amogh_nayak Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    Thanks a whole lot for your quick reply!!!

    Did the vundo fix...Ran it twice and it ran successfully!!! but I did keep getting some messages when I was running the spyware detection program..

    Here are the logs
    SuperAntiSpyware
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/17/2007 at 00:13 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3270
    Trace Rules Database Version: 1281

    Scan type : Quick Scan
    Total Scan Time : 00:00:23

    Memory items scanned : 0
    Memory threats detected : 0
    Registry items scanned : 0
    Registry threats detected : 0
    File items scanned : 0
    File threats detected : 0

    VundoFix


    Beginning removal...

    VundoFix V6.5.1

    Checking Java version...

    Scan started at 2:06:21 AM 6/24/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.5.1

    Checking Java version...

    Scan started at 10:50:36 AM 6/24/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.5.6

    Checking Java version...

    Scan started at 10:28:51 PM 7/16/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cbxxy.dll
    C:\WINDOWS\system32\gebaxxv.dll
    C:\WINDOWS\system32\nonmp.bak1
    C:\WINDOWS\system32\nonmp.bak2
    C:\WINDOWS\system32\nonmp.ini
    C:\WINDOWS\system32\pmnon.dll
    C:\WINDOWS\system32\yxxbc.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nonmp.bak1
    C:\WINDOWS\system32\nonmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nonmp.bak2
    C:\WINDOWS\system32\nonmp.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nonmp.ini
    C:\WINDOWS\system32\nonmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yxxbc.ini
    C:\WINDOWS\system32\yxxbc.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.6

    Checking Java version...

    Scan started at 11:08:32 PM 7/16/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cbxxy.dll
    C:\WINDOWS\system32\pmnon.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    Hijackthis
    Logfile of HijackThis v1.99.1
    Scan saved at 12:53:16 AM, on 7/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\UMCSTUB.EXE
    C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\amogh_n\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 172.25.214.227 blrkecruanrelws
    O1 - Hosts: 172.16.200.133 peiis
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PmProxy] "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
    O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
    O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\UAM\Agents\amagent.exe
    O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Fanso SmartCard Tool] "C:\Program Files\Fanso\fanso_user.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: *.adxgate.net (HKLM)
    O15 - Trusted Zone: *.errorprotector.com (HKLM)
    O15 - Trusted Zone: *.snipenet.net (HKLM)
    O15 - Trusted Zone: *.sxload.net (HKLM)
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    O16 - DPF: Project Office 4.0 - http://peiis/ProjectOffice/POBin/cabs/poexpress.cab
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/downloa...wp_wa7p_us_en_ed1&lid=288&affid=pp_1136830114
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O20 - AppInit_DLLs: RCEnumDD.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: cbxxy - C:\WINDOWS\system32\cbxxy.dll (file missing)
    O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: pmnon - C:\WINDOWS\system32\pmnon.dll (file missing)
    O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
    O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NHService - Unknown owner - E:\NewHorizons\Components\bin\Shell.Utilities.Service.exe (file missing)
    O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
    O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Asset Management SW Meter Agent (SWMSVC) - Computer Associates International, Inc. - C:\Program Files\CA\UAM\Agents\SWMSvc.exe


    Will keep running vundofix and SuperAntiSpyware
    Thanks,
    Amogh
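
Added example, not part of the original posts and not code from HijackThis or the helper: a Python script that parses HijackThis entry lines and compares a log taken before a cleanup pass with one taken after it, listing which entries disappeared, which registry references still point at a missing file, and which O4 autoruns start from a Temp folder. The two excerpts are a few lines copied from the logs posted above; the function names and the Temp-folder heuristic are assumptions of this example.

```python
import re
from typing import NamedTuple

# A HijackThis entry line looks like "O20 - Winlogon Notify: name - path".
# The section code is one letter (R, F, N or O) followed by one or two digits.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


class Entry(NamedTuple):
    section: str  # e.g. "O4", "O20"
    body: str     # everything after "Oxx - "

    @property
    def file_missing(self) -> bool:
        # HijackThis appends this marker when the referenced file is not on disk.
        return self.body.endswith("(file missing)")

    @property
    def temp_autorun(self) -> bool:
        # Heuristic (assumption of this example): an O4 autostart entry whose
        # target lives under a Temp directory deserves a closer look.
        return self.section == "O4" and "\\temp\\" in self.body.lower()


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log, skipping the header
    and the running-process list (neither matches the entry pattern)."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def compare(before, after):
    """Summarise what changed between two parsed logs."""
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        # Registry references that survived although the file is gone.
        "still_orphaned": [e for e in after if e.file_missing],
        "temp_autoruns": [e for e in after if e.temp_autorun],
    }


# Excerpt of the first log in the thread (7/15/2007).
BEFORE = r"""
O2 - BHO: (no name) - {22777971-3E23-4134-866B-AA4EA248C8B4} - C:\WINDOWS\system32\pmnon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [{ZN}] "C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe" CHD003
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: *.sxload.net (HKLM)
O20 - Winlogon Notify: pmnon - C:\WINDOWS\system32\pmnon.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Excerpt of the second log in the thread (7/17/2007).
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe
O15 - Trusted Zone: *.sxload.net (HKLM)
O20 - Winlogon Notify: pmnon - C:\WINDOWS\system32\pmnon.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


def report_lines(before_text, after_text):
    """Render the comparison as printable lines, one finding per line."""
    result = compare(parse_entries(before_text), parse_entries(after_text))
    lines = []
    for label, entries in result.items():
        for entry in entries:
            lines.append(f"{label:15} {entry.section:4} {entry.body}")
    return lines


if __name__ == "__main__":
    print("\n".join(report_lines(BEFORE, AFTER)))
```
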
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Where is the SAS log????


    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O1 - Hosts: 172.25.214.227 blrkecruanrelws

    O1 - Hosts: 172.16.200.133 peiis

    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 –k

    O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"

    O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"

    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe

    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

    O15 - Trusted Zone: *.adxgate.net (HKLM)

    O15 - Trusted Zone: *.errorprotector.com (HKLM)

    O15 - Trusted Zone: *.snipenet.net (HKLM)

    O15 - Trusted Zone: *.sxload.net (HKLM)

    O15 - Trusted Zone: *.systemdoctor.com (HKLM)

    O20 - AppInit_DLLs: RCEnumDD.dll

    O20 - Winlogon Notify: cbxxy - C:\WINDOWS\system32\cbxxy.dll (file missing)

    O20 - Winlogon Notify: gebaxxv - gebaxxv.dll (file missing)

    O20 - Winlogon Notify: pmnon - C:\WINDOWS\system32\pmnon.dll (file missing)

    O23 - Service: NHService - Unknown owner - E:\NewHorizons\Components\bin\Shell.Utilities.Service.exe (file missing)

    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\xloadnet
    C:\Program Files\Outerinfo

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  5. amogh_nayak

    amogh_nayak Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    4
    I did post the SAS log...It was a quickscan and didn't have much (Before that, it crashed and didn't leave a log)..Anyways, here's the truncated log when I tried it sometime this afternoon (Before using your suggestions and killbox etc)..Truncating cos techguy does not allow more than 30K characters
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/17/2007 at 11:17 AM


    Scan type : Complete Scan
    Total Scan Time : 00:52:15

    Memory items scanned : 679
    Memory threats detected : 0
    Registry items scanned : 6497
    Registry threats detected : 0
    File items scanned : 29042
    File threats detected : 330

    Adware.Tracking Cookie

    Trojan.Rootkit-TnCore/Installer
    C:\DOCUMENTS AND SETTINGS\AMOGH_N\LOCAL SETTINGS\TEMP\CHDPAD.EXE

    Adware.ClickSpring/Outer Info Network-Installer
    C:\DOCUMENTS AND SETTINGS\AMOGH_N\LOCAL SETTINGS\TEMP\OINADINST.EXE

    Trojan.ErrorSafe
    C:\DOCUMENTS AND SETTINGS\AMOGH_N\LOCAL SETTINGS\TEMP\SOEHIY6F.EXE



    **************************************

    When I followed your new suggestions, Hijackit gave an error while cleanup (Didn't say much what). So, I rebooted and reran hijack-it. All entries you had specified went away, so I guess it did its job. Then ran killbox. For outerinfo, it said the file does not exist. It did clean up xloadnet.

    After all this, haven't had a pop-up for a while, so things seem much better. Thanks a whole lot!!

    Here's the latest hijack-it log
    Logfile of HijackThis v1.99.1
    Scan saved at 12:39:17 AM, on 7/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\UMCSTUB.EXE
    C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\SxpInst\sxplog32.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Fanso\fanso_user.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\amogh_n\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PmProxy] "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\PROGRA~1\CA\ETRUST~1\realmon.exe" -s
    O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
    O4 - HKLM\..\Run: [CA-AMAgent] C:\Program Files\CA\UAM\Agents\amagent.exe
    O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Fanso SmartCard Tool] "C:\Program Files\Fanso\fanso_user.exe"
    O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: Project Office 4.0 - http://peiis/ProjectOffice/POBin/cabs/poexpress.cab
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivirus.com/downloa...wp_wa7p_us_en_ed1&lid=288&affid=pp_1136830114
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\Software\..\Telephony: DomainName = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.infosys.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = win.dowjones.net,dowjones.com,dowjones.net,mcn.dowjones.com
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
    O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
    O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    O23 - Service: Asset Management SW Meter Agent (SWMSVC) - Computer Associates International, Inc. - C:\Program Files\CA\UAM\Agents\SWMSvc.exe
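
An added example, not part of either post and not HijackThis's own logic: a small parser for the `Oxx - ...` entry lines in the logs above that flags the entry patterns visible in MFDnNC's fix list and checks, as amogh_nayak did by eye, whether the fixed entries are gone from the follow-up log. The function names and the heuristics are assumptions made for illustration; the sample lines are copied from this thread.

```python
import re
from dataclasses import dataclass

# Sample input: a subset of the fix list from post 4 of this thread.
FIX_LIST = r"""
O1 - Hosts: 172.16.200.133 peiis
O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\amogh_n\Local Settings\Temp\TICHD003.exe
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O20 - AppInit_DLLs: RCEnumDD.dll
O20 - Winlogon Notify: pmnon - C:\WINDOWS\system32\pmnon.dll (file missing)
O23 - Service: NHService - Unknown owner - E:\NewHorizons\Components\bin\Shell.Utilities.Service.exe (file missing)
"""

# Sample input: a subset of the follow-up log from post 5 of this thread.
NEW_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
"""

# Entry lines look like "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2})\s+-\s+(.+?)\s*$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4", "O20"
    detail: str   # everything after "Oxx - "


def parse(log_text):
    """Extract entry lines; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _norm(entry):
    # Compare entries ignoring case and runs of whitespace.
    return (entry.section, " ".join(entry.detail.split()).casefold())


def triage(entries):
    """Return (entry, reason) pairs that deserve a manual look.

    Assumed heuristics, modelled on the kinds of lines in the fix list;
    a hit is a prompt for review, not a verdict.
    """
    findings = []
    for e in entries:
        d = e.detail.casefold()
        if "(file missing)" in d:
            findings.append((e, "references a file that no longer exists"))
        if e.section == "O4" and "\\temp\\" in d:
            findings.append((e, "autostart launches from a Temp directory"))
        if e.section == "O15":
            findings.append((e, "site added to the IE Trusted Zone"))
        if e.section == "O1":
            findings.append((e, "hosts-file override"))
        if e.section == "O20" and d.startswith("appinit_dlls"):
            findings.append((e, "DLL loaded into every process that loads user32.dll"))
    return findings


def still_present(fix_list_text, new_log_text):
    """Entries from the fix list that still appear in the newer log."""
    new = {_norm(e) for e in parse(new_log_text)}
    return [e for e in parse(fix_list_text) if _norm(e) in new]


if __name__ == "__main__":
    for entry, reason in triage(parse(FIX_LIST)):
        print(f"{entry.section:>3}  {reason}: {entry.detail}")
    leftover = still_present(FIX_LIST, NEW_LOG)
    print("entries still present after the fix:", len(leftover))
```

The `[xloadnet]` Run entry matches none of these patterns, which shows why such heuristics only supplement a helper who recognises known adware names.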
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
Short URL to this thread: https://techguy.org/596400
