Help - Search - Members - Calendar
Full Version: UpSpiral redirect
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Ponfyr
Aug 12 2007, 02:29 AM
Often when I click on a link page I am redirected to UpSpiral.com. I am using Firefox.

I have installed Ad-Aware 2007 and Spybot Search and Destroy and ran both of these tools with updated software and databases.

Thanks in advance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:28 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\Q Menu\QICON.EXE
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\program files\dell\traytool.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Libronix DLS\System\LDLS.exe
C:\Program Files\Libronix DLS\System\LibSys.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://survey.confirmit.com/wix/p339514643...email=undefined
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.27.200:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156707225977
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156708134493
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gordeys.com
O17 - HKLM\Software\..\Telephony: DomainName = gordeys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gordeys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gordeys.com
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 16219 bytes
teacup61
Aug 12 2007, 03:41 PM
Hello Ponfyr,

Welcome to Gladiator Security Forum hello.gif

Do you know what this is? Did you set it?

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://survey.confirmit.com/wix/p339514643...email=undefined
Ponfyr
Aug 12 2007, 05:15 PM
No Teacup61, I did not install that and I don't know where it comes from.

However, to be honest, I don't know where most of the settings came from...


Ponfyr
teacup61
Aug 12 2007, 11:36 PM
Hello,

Okay. I just wanted to be sure you didn't set it. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://survey.confirmit.com/wix/p339514643...email=undefined
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: APSHook.dll

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download the trial version of Spy Sweeper from
Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

Thanks,
tea
Ponfyr
Aug 13 2007, 12:59 AM
Aye Tea,


Thanks again....


7:55 PM: Removal process completed. Elapsed time 00:00:16
7:55 PM: Quarantining All Traces: burstbeacon cookie
7:55 PM: Quarantining All Traces: military cookie
7:55 PM: Quarantining All Traces: ic-live cookie
7:55 PM: Quarantining All Traces: burstnet cookie
7:55 PM: Quarantining All Traces: about cookie
7:55 PM: Quarantining All Traces: tacoda cookie
7:55 PM: Quarantining All Traces: redsheriff cookies
7:55 PM: Quarantining All Traces: mediaplex cookie
7:55 PM: Quarantining All Traces: atwola cookie
7:55 PM: Quarantining All Traces: zedo cookie
7:55 PM: Quarantining All Traces: upspiral cookie
7:55 PM: Quarantining All Traces: statcounter cookie
7:55 PM: Quarantining All Traces: questionmarket cookie
7:55 PM: Quarantining All Traces: pointroll cookie
7:55 PM: Quarantining All Traces: overture cookie
7:55 PM: Quarantining All Traces: server.iad.liveperson cookie
7:55 PM: Quarantining All Traces: 2o7.net cookie
7:55 PM: Quarantining All Traces: atlas dmt cookie
7:55 PM: Quarantining All Traces: yieldmanager cookie
7:55 PM: Quarantining All Traces: advertising cookie
7:55 PM: Removal process initiated
7:54 PM: Traces Found: 67
7:54 PM: Full Sweep has completed. Elapsed time 00:30:34
7:54 PM: File Sweep Complete, Elapsed Time: 00:23:38
Not enough storage is available to process this command
7:53 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
Not enough storage is available to process this command
7:53 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
7:44 PM: Warning: Failed to open file "c:\documents and settings\all users\drm\cache\indiv01.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms174c1cdd-54e6-4562-ba9b-dc133c1fe8b9.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse198066a-8590-4d09-899c-fe02bbed7db3.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4e2e943c-a138-4a6f-9cfb-a864e3bdff75.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse535e504-8b36-4e14-9428-9a938d33ab79.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms927e10eb-6068-463c-9712-6f187850f51c.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6053e1ac-d57d-4c2c-b13b-30da810b981f.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms62e2fbfb-0e08-4735-9b17-587384657e78.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsdce2b3e1-9946-421d-8771-d5eaafdc1c80.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmscbbb2bb9-9c46-4f0b-a056-740ee6dcb6fc.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms081f305b-9fd1-4376-ab9a-4bd286d74be1.tmp". The operation completed successfully
7:44 PM: Warning: Failed to open file "c:\documents and settings\randy gordey\application data\mozilla\firefox\profiles\9xag9aw4.default\parent.lock". The operation completed successfully
7:30 PM: Starting File Sweep
7:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2997)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2337)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2335)
7:30 PM: Found Spy Cookie: burstbeacon cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2996)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2996)
7:30 PM: Found Spy Cookie: military cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2821)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2821)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2821)
7:30 PM: Found Spy Cookie: ic-live cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2336)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2336)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2336)
7:30 PM: Found Spy Cookie: burstnet cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2037)
7:30 PM: Found Spy Cookie: about cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 6444)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 6444)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 6444)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 6444)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 6444)
7:30 PM: Found Spy Cookie: tacoda cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2845)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2845)
7:30 PM: Found Spy Cookie: redsheriff cookies
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 6442)
7:30 PM: Found Spy Cookie: mediaplex cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2255)
7:30 PM: Found Spy Cookie: atwola cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3762)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3762)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3762)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3762)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3762)
7:30 PM: Found Spy Cookie: zedo cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3614)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3614)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3614)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3614)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3614)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3614)
7:30 PM: Found Spy Cookie: upspiral cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3447)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3447)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3447)
7:30 PM: Found Spy Cookie: statcounter cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3217)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3217)
7:30 PM: Found Spy Cookie: questionmarket cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3148)
7:30 PM: Found Spy Cookie: pointroll cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3105)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3105)
7:30 PM: Found Spy Cookie: overture cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3341)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3341)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3341)
7:30 PM: Found Spy Cookie: server.iad.liveperson cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 1957)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 1957)
7:30 PM: Found Spy Cookie: 2o7.net cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2253)
7:30 PM: Found Spy Cookie: atlas dmt cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3751)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 3751)
7:30 PM: Found Spy Cookie: yieldmanager cookie
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2175)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2175)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2175)
7:30 PM: C:\Documents and Settings\Randy Gordey\Application Data\Mozilla\Firefox\Profiles\9xag9aw4.default\cookies.txt (ID = 2175)
7:30 PM: Found Spy Cookie: advertising cookie
7:30 PM: Starting Cookie Sweep
7:30 PM: Registry Sweep Complete, Elapsed Time:00:00:34
7:30 PM: Starting Registry Sweep
7:29 PM: Memory Sweep Complete, Elapsed Time: 00:06:09
7:23 PM: Starting Memory Sweep
7:23 PM: Start Full Sweep
7:23 PM: Sweep initiated using definitions version 966
Keylogger: Off
E-mail Attachment: On
7:21 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
7:21 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:20 PM: Shield States
7:20 PM: License Check Status (0): Success
7:20 PM: Spyware Definitions: 966
7:19 PM: Spy Sweeper 5.5.7.48 started
7:19 PM: Spy Sweeper 5.5.7.48 started
7:19 PM: | Start of Session, Sunday, August 12, 2007 |
***************
teacup61
Aug 13 2007, 02:16 AM
Hello,

I see SpySweeper got the cookies.......how is it running now? Could you please post a new HijackThis log?

Thanks,
tea
Ponfyr
Aug 13 2007, 11:31 AM
Tea,

I think it is running O.K. I have not surfed much at all since first posting here for help.

Ponfyr



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:42 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\Q Menu\QICON.EXE
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\program files\dell\traytool.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Portable PuTTY\putty.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.27.200:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Q Menu] "C:\Program Files\HPQ\Q Menu\QICON.EXE" -QICON
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [ToolExe] "c:\program files\dell\traytool.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156707225977
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156708134493
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gordeys.com
O17 - HKLM\Software\..\Telephony: DomainName = gordeys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gordeys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gordeys.com
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 16415 bytes
Ponfyr
Aug 13 2007, 09:27 PM
Tea,

O.K. I was wrong. If I type in ‘blah’ in the address bar of either Internet Explorer or Firefox the www.upspirial.com page pops up.

Ponfyr
teacup61
Aug 14 2007, 08:25 PM
Hello,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Ponfyr
Aug 14 2007, 08:44 PM
O.K. Tea, Thanks Again


ComboFix 07-08-14.6 - "Randy Gordey" 2007-08-14 15:35:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.110 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\RANDYG~1\Desktop.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


2007-08-14 15:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 19:15 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-08-12 19:15 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-08-12 19:15 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-08-12 19:15 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-08-12 19:15 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-08-12 19:15 <DIR> d-------- C:\Program Files\Webroot
2007-08-12 19:15 <DIR> d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\Webroot
2007-08-12 19:15 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-08-12 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-08-12 19:14 164 --a------ C:\install.dat
2007-08-11 20:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-11 19:34 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-11 19:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-11 19:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-05 13:11 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2007-08-05 12:38 <DIR> d-------- C:\Program Files\iTunes
2007-08-05 12:38 <DIR> d-------- C:\Program Files\iPod
2007-07-22 18:50 <DIR> d-------- C:\Program Files\Sokol & Associates
2007-07-21 21:33 <DIR> d-------- C:\Program Files\Kiax0.8.51
2007-07-21 17:06 <DIR> d-------- C:\Program Files\XtremePhone
2007-07-21 16:15 <DIR> d-------- C:\Program Files\CounterPath
2007-07-21 16:15 <DIR> d-------- C:\Program Files\Common Files\Intel
2007-07-21 16:02 <DIR> d-------- C:\Program Files\Free World Dialup


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 19:37 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 19:37 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-10 22:44 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\.purple
2007-08-10 16:08 --------- d-------- C:\Program Files\Pidgin
2007-08-10 16:08 --------- d-------- C:\Program Files\Common Files\GTK
2007-08-09 06:38 --------- d-------- C:\Program Files\Xming
2007-08-06 20:28 --------- d-------- C:\Program Files\Portable PuTTY
2007-08-02 06:03 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-07-23 12:45 --------- d-------- C:\Program Files\WinSCP
2007-07-21 16:02 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-18 07:23 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\Apple Computer
2007-07-16 19:20 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\MySQL
2007-07-15 12:40 --------- d-------- C:\Program Files\QuickTime
2007-07-12 19:16 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\dvdcss
2007-07-12 18:43 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\PCF-VLC
2007-07-12 17:55 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\vlc
2007-07-12 17:54 --------- d-------- C:\Program Files\VideoLAN
2007-07-12 17:48 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\Participatory Culture Foundation
2007-07-12 17:47 --------- d-------- C:\Program Files\Participatory Culture Foundation
2007-07-03 14:30 --------- d-------- C:\Program Files\BOINC
2007-07-01 14:52 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-30 19:31 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\Subcommander
2007-06-26 15:35 --------- d-------- C:\DOCUME~1\RANDYG~1\APPLIC~1\gtk-2.0
2007-06-25 20:02 --------- d-------- C:\Program Files\7-Zip
2007-06-24 14:56 38920 --a------ C:\WINDOWS\system32\drivers\btcusb.sys
2007-06-24 14:56 15368 --a------ C:\WINDOWS\system32\btinstall.dll
2007-06-21 14:34 --------- d-------- C:\Program Files\BabasChess
2007-06-20 07:18 --------- d-------- C:\Program Files\Aspell
2007-06-19 16:26 86016 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-06-19 16:26 84760 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-06-19 16:26 57344 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-06-19 16:26 524288 --a------ C:\WINDOWS\system32\igldev32.dll
2007-06-19 16:26 49152 --a------ C:\WINDOWS\system32\ialmrem.dll
2007-06-19 16:26 457496 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuTRK.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuTHA.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuSVE.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuRUS.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuPTG.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuPTB.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuPLK.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuNOR.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuNLD.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuKOR.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuJPN.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuITA.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuHUN.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuHEB.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuFRC.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuFRA.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuFIN.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuESP.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuENG.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuELL.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuDEU.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuDAN.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuCSY.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuCHT.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuCHS.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuARB.dll
2007-06-19 16:26 40960 --a------ C:\WINDOWS\system32\ialmuARA.dll
2007-06-19 16:26 2318336 --a------ C:\WINDOWS\system32\iglicd32.dll
2007-06-19 16:26 170776 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-06-19 16:26 143360 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-06-19 16:26 139264 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-06-19 16:26 125720 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-06-19 16:26 121624 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-06-19 16:26 121624 --a------ C:\WINDOWS\system32\ialmudlg.exe
2007-06-19 16:26 1169980 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-06-19 16:26 101144 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-06-19 16:26 101144 --a------ C:\WINDOWS\system32\igfxext.exe
2007-06-19 07:59 12782 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-06-18 16:24 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-16 07:34 --------- d-------- C:\Program Files\Hewlett-Packard
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2005-01-06 20:00]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 22:10]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 11:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 14:41]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 16:02]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 05:12 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 20:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 13:38]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-07-13 16:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 18:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15]
"Q Menu"="C:\Program Files\HPQ\Q Menu\QICON.exe" [2004-10-20 16:24]
"hpqMcSrv"="C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" [2005-06-27 16:38]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 03:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 03:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 18:17]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 10:57]
"ToolExe"="c:\program files\dell\traytool.exe" [2003-04-18 15:45]
"Logitech Utility"="LOGI_MWX.EXE" [2003-12-17 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"BluetoothAuthenticationAgent"="rundll32.exe" [2005-01-06 20:00 C:\WINDOWS\system32\rundll32.exe]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 18:00]
"CognizanceTS"="rundll32.exe" [2005-01-06 20:00 C:\WINDOWS\system32\rundll32.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2005-01-06 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2005-01-06 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2005-01-06 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2005-01-06 20:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 04:41]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2005-07-22 22:25]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-07-22 21:17]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-07 12:09]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 14:18]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 12:19]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 12:17]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 07:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-19 16:26]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-19 16:26]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-19 16:26]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 09:55]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 14:54]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 14:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-06 20:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 23:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-05-31 16:29:16]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2006-07-21 18:35:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2005-01-06 20:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2006-09-09 04:15 63488 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 05:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2006-11-01 09:18 32256 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli AsWlnPkg

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 ClntMgmt.sys;ClntMgmt.sys;C:\WINDOWS\system32\Drivers\ClntMgmt.sys
R2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe -k Cognizance
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
R3 HBtnKey;HP Tablet PC Key Buttons HID Driver;C:\WINDOWS\system32\DRIVERS\CPQBttn.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 WacomISDPen;Wacom Penabled HID MiniDriver;C:\WINDOWS\system32\DRIVERS\wacomisdpen.sys
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASBroker ASChannel


Contents of the 'Scheduled Tasks' folder
2007-08-12 14:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 15:39:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-14 15:40:16
C:\ComboFix-quarantined-files.txt ... 2007-08-14 15:40

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:24 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\Q Menu\QICON.EXE
C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\program files\dell\traytool.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Portable PuTTY\putty.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Xming\Xming.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.27.200:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Q Menu] "C:\Program Files\HPQ\Q Menu\QICON.EXE" -QICON
O4 - HKLM\..\Run: [hpqMcSrv] "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [ToolExe] "c:\program files\dell\traytool.exe"
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156707225977
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156708134493
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gordeys.com
O17 - HKLM\Software\..\Telephony: DomainName = gordeys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gordeys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gordeys.com
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 16277 bytes
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.