1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

XP Antimalware (Fakerean) - many issues

Discussion in 'Virus & Other Malware Removal' started by cxm322, Apr 8, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. cxm322

    cxm322 Thread Starter

    Joined:
    Oct 7, 2003
    Messages:
    111
    Hi,

    On 4-7-2010 I made the mistake of letting my nephew use my PC. He visited some site or downloaded something that really messed my PC up.

    It seems I have acquired Fakerean and possibly other malwares. Initially, I could barely use my PC. At startup, some scareware program named XP Antimalware would popup once Windows loaded in and I really could not do anything else (could not use any browsers and a lot of freezing). I read somewhere to delete ave.exe so I did that and now that XP Antimalware scareware program does not load in anymore. I can now surf the web using IE and FireFox but I still have a host of other problems...

    1. Cannot access/edit my registry. I get the dialog box that says "Registry editing has been disabled by your adminstrator".

    2. I cannot run Malwarebytes. I even tried a fresh install but still no luck. The program simply will no tload up and never shows on Task Mgr either.

    3. Every once in a while a noise or song will play randomly on my PC. THis morning it was about 60 seconds of "God Bless America".

    4. There are many files on my PC that should not be there and I cannot delete them because Windows says they are being used. Some examples are: kbaouli.dll, 1732.exe, geeedd.dll and probably many any others I am not aware of yet.

    5. New files seem to be generated at times. The 1732.exe file I mentioned above is new. Never saw it til today even though has a file creation date of 4-14-2008.

    6. IE browser seems compromised. When I use it, I hear clicking noises every so often like as if I am clicking on links but I am not. I also keep getting a dialog box to download a file (can't remember the name). Random webpages keep opening up in new tabs. (BTW, when I use IE, I use a shell browser called Avant browser, have been using this for many years now). At times new pages open up in new tabs and all the page displays is a seemingly random string of charachters like "dm50cxjk30xjerzv34dfkdf"

    7. Right before Windows loads in and you get the blue welcome screen, the blank screen before it flashes 4 or 5 white lines very quickly (never did this before) which also makes the startup a bit longer than usual.

    8. My TrendMicro no longer loads in at startup.

    There are probably a few other problems I am experiencing but this should be enough for you to go on for now.

    I have done a Spybot scan so far but no other scans. I did not want to have files removed as I was afraid other issues may arise. I believe, from what little I have read on Freakrean, I not only have files that are messing up my system, but registry changes have been made so I want to proceed with caution and with the help of a professional here at TG at this point.

    Help would be appreciated. I use my PC for non-pleasure purposes and would like to get these issues cleaned up without having to wipe my drive and start new.

    Here is my HJT log...

    Logfile of HijackThis v1.99.1
    Scan saved at 9:08:38 AM, on 4/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\debug.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Locate32\Locate32.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?zx=c6w6xtfibkts&shva=1#inbox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
    O2 - BHO: C:\WINDOWS\system32\kbauoli.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\kbauoli.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\RoboForm\roboform.dll
    O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ssrpmjsys] rundll32.exe "geeedd.dll",DllRegisterServer
    O4 - HKLM\..\Run: [yabcdddrv] rundll32.exe "vttrsr.dll",s
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\user\LOCALS~1\Temp\debug.exe
    O4 - HKCU\..\Run: [mplay32xe.exe] C:\DOCUME~1\user\LOCALS~1\Temp\mplay32xe.exe
    O4 - HKCU\..\Run: [yaaayvdrv] rundll32.exe "vttrsr.dll",s
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Flash - res://d:\Program Files\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: app_dll.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: peresvc Service (peresvc) - Neto systems - C:\WINDOWS\system32\PereSvc.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
     
  2. cxm322

    cxm322 Thread Starter

    Joined:
    Oct 7, 2003
    Messages:
    111
    Just an update. Tonight, many more processes showed up in my task manager that I never saw before...

    winamp.exe (I have not used or installed winamp for at least 7 years now and never had it on this particular PC)
    win.exe
    user.exe
    nvsvc.exe
    opear.exe
    login.exe
    hexdump.exe
    drweb.exe
    avp.exe
    avp32.exe
    iexplArer.exe
    mdm.exe
    smss.exe

    Also...

    There are 2 spoolsv.exe's running

    There are 2 lsass.exe running when normally there is only 1.

    There are also 2 csrss.exe running.

    Sometimes there are 2 winlogon.exe running

    Some of these may be legit but I just never noticed them before. However, the vast majority I believe are not legit and part of my recent malware attack.
     
  3. cxm322

    cxm322 Thread Starter

    Joined:
    Oct 7, 2003
    Messages:
    111
    Another update.

    One of the websites that opens up in my IE browser once in a while is...

    http://www.weathertalkz.com/web.php...704a2f130d52523699df96133b52f778558b.1.150093

    I have seen others but this one is the most frequent one.

    BTW, these updates I am posting are not so as to bump the thread for faster service. I am just reporting new info so as to help the person who eventually helps me to figure out a good plan of attack. I appreciate help ASAP but I understand I must wait my turn.

    -----

    Another update.

    Another site that opens up is...

    http://www.redlineroofing.com/web.p...04a2f130d52523699df96133b52f778558b.1.2361468
     
  4. cxm322

    cxm322 Thread Starter

    Joined:
    Oct 7, 2003
    Messages:
    111
    Another update...

    Was able to run a scan with trend micro by reinstalling trend micro. Found a lot of trojans and removed them. But cannot
    seem to generate a log file ot post here.

    Also, I just realized that my System Restore tab is missing from my System Properties dialog box. :(

    Lots of problems here. Hoping to get help soon.

    Here is a new HJT Log...

    Logfile of HijackThis v1.99.1
    Scan saved at 10:53:24 AM, on 4/10/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\program files\java\jre6\bin\jusched .exe
    c:\program files\powerdvd\pdvdserv .exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\program files\realtek\diagnostics utility\8169diag .exe
    c:\program files\windows media player\wmpnscfg .exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avant Browser\avant.exe
    c:\docume~1\user\locals~1\temp\ctv31132 .exe
    C:\Program Files\Locate32\Locate32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?zx=c6w6xtfibkts&shva=1#inbox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: C:\WINDOWS\system32\kbauoli.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - (no file)
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\RoboForm\roboform.dll
    O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [yabcdddrv] rundll32.exe "vttrsr.dll",s
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [mplay32xe.exe] C:\DOCUME~1\user\LOCALS~1\Temp\mplay32xe.exe
    O4 - HKCU\..\Run: [yaaayvdrv] rundll32.exe "vttrsr.dll",s
    O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\user\LOCALS~1\Temp\winamp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Flash - res://d:\Program Files\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
     
  5. cxm322

    cxm322 Thread Starter

    Joined:
    Oct 7, 2003
    Messages:
    111
    Just wondering, I posted approx 5 days ago and no one has responded yet. I see newer threads started getting replies within 1 or 2 days. Was I overloked or have I done somehting wrong? :( I would appreciate some help. :)
     
  6. cxm322

    cxm322 Thread Starter

    Joined:
    Oct 7, 2003
    Messages:
    111
    Sorry to see that no one wants to help me. It's been 10 days since I posted my problem here and not even so much as to tell me what I did wrong to not get help or anything. :( I have gotten very friendly and prompt help from TSG forum in the past but I am afraid I am afraid that I will have to start seeking help elsewhere from now on. Too bad because I really liked this forum. Been a member here for many years now (7 years or so). Good luck to you all. :(
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/915570

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice