
Hi Malware Gurus,

I have been suffering from this problem for more than 3 months; I am totally frustrated now and have switched to the safe Mozilla Firefox and Opera browsers.
Months back, Internet Explorer wouldn't open properly, so I tried uninstalling it, but I still had the same problems.
Nowadays, when I work in Firefox, all of a sudden IE appears in a half-hung mode, flickering and with strange characters appearing. The only option then is to right-click the icon in the taskbar and click Close. This is also accompanied by heavy whirring of the fan.

After going through a couple of threads, I downloaded HijackThis and did a scan as below. Can you please help and advise which is the baddie? I just feel like killing it right away, just tell me who it is. I am sorry this is a long list, but I would really appreciate it if someone could please help. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:17:47 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\TNGSD\BIN\triggusr.exe
C:\SxpInst\sxplog32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbSrv.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B94E2DC7B587A422C37C6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.172.28.170.63
O15 - Trusted Zone: http://edox.axa-advisors.com
O15 - Trusted Zone: http://www.axadistributors.com
O15 - Trusted Zone: http://adr.axaonline.com
O15 - Trusted Zone: http://alerts.axaonline.com
O15 - Trusted Zone: http://inotes.axaonline.com
O15 - Trusted Zone: http://owaexec.axaonline.com
O15 - Trusted Zone: http://preprod.axaonline.com
O15 - Trusted Zone: http://reportcenter.axaonline.com
O15 - Trusted Zone: http://snwtiwp1.axaonline.com
O15 - Trusted Zone: http://test.axaonline.com
O15 - Trusted Zone: http://wtiwebopt.axaonline.com
O15 - Trusted Zone: http://www.axaonline.com
O15 - Trusted Zone: http://*.axaonline.com
O15 - Trusted Zone: http://www.chase.com
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://cld.equitable.com
O15 - Trusted Zone: http://csessbi1.equitable.com
O15 - Trusted Zone: http://edox.equitable.com
O15 - Trusted Zone: http://eqlink.equitable.com
O15 - Trusted Zone: http://mpgpln.equitable.com
O15 - Trusted Zone: http://servicedesk.equitable.com
O15 - Trusted Zone: http://snwttwp1.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://www.examone.com
O15 - Trusted Zone: http://advisor.fidelity.com
O15 - Trusted Zone: http://axa.financialcampus.com
O15 - Trusted Zone: http://axa-advisors.financialcampus.com
O15 - Trusted Zone: http://archive.frontbridge.com
O15 - Trusted Zone: http://w4.iscorp.com
O15 - Trusted Zone: http://access.jpmorgan.com
O15 - Trusted Zone: http://tssportal.jpmorgan.com
O15 - Trusted Zone: http://www.jpmorgan.com
O15 - Trusted Zone: http://www.jpmorganchase.com
O15 - Trusted Zone: http://www.macnamee.com
O15 - Trusted Zone: http://research.media.com
O15 - Trusted Zone: http://advtools.morningstar.com
O15 - Trusted Zone: http://www.myexamone.com
O15 - Trusted Zone: http://apps.questerra.com
O15 - Trusted Zone: http://www.questerra.com
O15 - Trusted Zone: http://www.seagullsw.com
O15 - Trusted Zone: http://*.servicedeskr11
O15 - Trusted Zone: http://www.smartmoney.com
O15 - Trusted Zone: http://*.snj1acsun21
O15 - Trusted Zone: http://*.snj1acsun22
O15 - Trusted Zone: http://*.snj1afsap33
O15 - Trusted Zone: http://*.snj1afsapdev07
O15 - Trusted Zone: http://*.sny2afsun36
O15 - Trusted Zone: http://*.sny2afsus02
O15 - Trusted Zone: http://*.172.28.170.63 (HKLM)
O15 - Trusted Zone: http://edox.axa-advisors.com (HKLM)
O15 - Trusted Zone: http://www.axadistributors.com (HKLM)
O15 - Trusted Zone: http://adr.axaonline.com (HKLM)
O15 - Trusted Zone: http://alerts.axaonline.com (HKLM)
O15 - Trusted Zone: http://inotes.axaonline.com (HKLM)
O15 - Trusted Zone: http://owaexec.axaonline.com (HKLM)
O15 - Trusted Zone: http://preprod.axaonline.com (HKLM)
O15 - Trusted Zone: http://reportcenter.axaonline.com (HKLM)
O15 - Trusted Zone: http://snwtiwp1.axaonline.com (HKLM)
O15 - Trusted Zone: http://test.axaonline.com (HKLM)
O15 - Trusted Zone: http://wtiwebopt.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.axaonline.com (HKLM)
O15 - Trusted Zone: http://*.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.chase.com (HKLM)
O15 - Trusted Zone: http://www.comcast.net (HKLM)
O15 - Trusted Zone: http://cld.equitable.com (HKLM)
O15 - Trusted Zone: http://csessbi1.equitable.com (HKLM)
O15 - Trusted Zone: http://edox.equitable.com (HKLM)
O15 - Trusted Zone: http://eqlink.equitable.com (HKLM)
O15 - Trusted Zone: http://mpgpln.equitable.com (HKLM)
O15 - Trusted Zone: http://servicedesk.equitable.com (HKLM)
O15 - Trusted Zone: http://snwttwp1.equitable.com (HKLM)
O15 - Trusted Zone: http://srsprod.equitable.com (HKLM)
O15 - Trusted Zone: http://www.examone.com (HKLM)
O15 - Trusted Zone: http://advisor.fidelity.com (HKLM)
O15 - Trusted Zone: http://axa.financialcampus.com (HKLM)
O15 - Trusted Zone: http://axa-advisors.financialcampus.com (HKLM)
O15 - Trusted Zone: http://archive.frontbridge.com (HKLM)
O15 - Trusted Zone: http://w4.iscorp.com (HKLM)
O15 - Trusted Zone: http://access.jpmorgan.com (HKLM)
O15 - Trusted Zone: http://tssportal.jpmorgan.com (HKLM)
O15 - Trusted Zone: http://www.jpmorgan.com (HKLM)
O15 - Trusted Zone: http://www.jpmorganchase.com (HKLM)
O15 - Trusted Zone: http://www.macnamee.com (HKLM)
O15 - Trusted Zone: http://research.media.com (HKLM)
O15 - Trusted Zone: http://research.mediasource.com (HKLM)
O15 - Trusted Zone: http://advtools.morningstar.com (HKLM)
O15 - Trusted Zone: http://www.myexamone.com (HKLM)
O15 - Trusted Zone: http://apps.questerra.com (HKLM)
O15 - Trusted Zone: http://www.questerra.com (HKLM)
O15 - Trusted Zone: http://www.seagullsw.com (HKLM)
O15 - Trusted Zone: http://*.servicedeskr11 (HKLM)
O15 - Trusted Zone: http://www.smartmoney.com (HKLM)
O15 - Trusted Zone: http://*.snj1acsun21 (HKLM)
O15 - Trusted Zone: http://*.snj1acsun22 (HKLM)
O15 - Trusted Zone: http://*.snj1afsap33 (HKLM)
O15 - Trusted Zone: http://*.snj1afsapdev07 (HKLM)
O15 - Trusted Zone: http://*.sny2afsun36 (HKLM)
O15 - Trusted Zone: http://*.sny2afsus02 (HKLM)
O15 - Trusted IP range: http://141.191.182.8
O15 - Trusted IP range: http://141.191.182.8 (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://asia-ml01.asia.csc.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120671730650
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = axafinancialsvc.axa-financial.intraxa
O17 - HKLM\Software\..\Telephony: DomainName = axafinancialsvc.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = axafinancialsvc.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = equitable.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,equitable.com,axa-financial.intraxa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = equitable.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,equitable.com,axa-financial.intraxa
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DM Primer (DMPrimer) - Unknown owner - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe" -DMPRIMER_SERVICE_: (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\TNGSD\BIN\SDServ.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


Can you please do the following.


===============

Download the newest version of HiJackThis; version 2.0.2. Place it in a permanent folder before scanning. Repost your log after following the steps below. This version has features that might be more helpful in 'cleaning' up your system.

===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B94E2DC7B587A422C37C6 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: msdn_lib.msdn_hlp - {7C2F2C76-1489-450D-B8FB-0B9692D788F9} - C:\WINDOWS\system32\msdn_lib.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll

O4 - Global Startup: Bluetooth.lnk = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\Program Files\ShoppingReport
c:\program files\spamblockerutility

files...

C:\WINDOWS\system32\msdn_lib.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
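The triage in the reply above can be partly mechanised. This is an added example, not part of the original posts and not HijackThis code: it parses the log's `<section> - <body>` lines, flags the three structurally recognisable kinds of entry the reply selected (BHOs with `(no file)`, a startup shortcut whose target is `?`, and `DisableRegedit=1`), and checks a follow-up log to see which flagged entries survived the fix. The rule set and function names are assumptions; the sample lines are excerpts copied from the two logs in this thread.

```python
import re

# Entry lines look like "O2 - BHO: ..." ; header and "Running processes" lines do not.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Illustrative rules (assumed, not a complete ruleset): only patterns that can
# be recognised from the line's structure. Named adware entries such as
# ShoppingReport still need an analyst's judgement.
RULES = [
    ("O2", re.compile(r"^BHO: .* - \{[0-9A-Fa-f-]{36}\} - \(no file\)$"),
     "BHO registered in the registry but its DLL is missing"),
    ("O4", re.compile(r"^(?:Global Startup|Startup): .+ = \?$"),
     "startup shortcut whose target could not be resolved"),
    ("O7", re.compile(r"DisableRegedit=1$"),
     "policy that blocks Registry Editor for this user"),
]

# Excerpt of the first log in the thread (HijackThis v1.99.1).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\Explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Excerpt of the follow-up log in the thread (HijackThis v2.0.2).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def parse(log_text):
    """Return [(section, body)] for each entry line, skipping everything else."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flag(entries):
    """Return [(section, body, reason)] for entries that match a rule."""
    findings = []
    for section, body in entries:
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(body):
                findings.append((section, body, reason))
                break
    return findings


def still_present(before_text, after_text):
    """Flagged entries from the first log that reappear in the follow-up log."""
    # Paths and GUIDs are case-insensitive on Windows, so compare lowercased.
    after = {(section, body.lower()) for section, body in parse(after_text)}
    return [f for f in flag(parse(before_text)) if (f[0], f[1].lower()) in after]


if __name__ == "__main__":
    for section, body, reason in flag(parse(BEFORE_LOG)):
        print(f"[review] {section}: {body}\n         -> {reason}")
    for section, body, _ in still_present(BEFORE_LOG, AFTER_LOG):
        print(f"[survived fix] {section}: {body}")
```

An entry that survives "Fix checked" is usually being rewritten by something else, so it is worth finding what sets it before fixing it again.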


Thank you!!

So far, I was able to
a) download the new version of HijackThis and fix the mentioned list of items
b) delete 2 folders and 1 file in Safe Mode
c) download SmitFraudFix and select option 1
BUT
option 1 showed "Access Denied" a couple of times on the blue screen, as shown below, and closed immediately. So I could not generate the scan text file using SmitFraudFix.
SmitFraudFix v2.242
Access is denied.

Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Scanning Process…
Access is denied.
Access is denied.

Please advise further.


Also, I am pasting the scan file after following the mentioned steps (except SmitFraudFix) using HijackThis if this helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:58 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\SxpInst\sxplog32.exe
C:\TNGSD\BIN\triggusr.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.172.28.170.63
O15 - Trusted Zone: http://edox.axa-advisors.com
O15 - Trusted Zone: http://www.axadistributors.com
O15 - Trusted Zone: http://adr.axaonline.com
O15 - Trusted Zone: http://alerts.axaonline.com
O15 - Trusted Zone: http://inotes.axaonline.com
O15 - Trusted Zone: http://owaexec.axaonline.com
O15 - Trusted Zone: http://preprod.axaonline.com
O15 - Trusted Zone: http://reportcenter.axaonline.com
O15 - Trusted Zone: http://snwtiwp1.axaonline.com
O15 - Trusted Zone: http://test.axaonline.com
O15 - Trusted Zone: http://wtiwebopt.axaonline.com
O15 - Trusted Zone: http://www.axaonline.com
O15 - Trusted Zone: http://*.axaonline.com
O15 - Trusted Zone: http://www.chase.com
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://cld.equitable.com
O15 - Trusted Zone: http://csessbi1.equitable.com
O15 - Trusted Zone: http://edox.equitable.com
O15 - Trusted Zone: http://eqlink.equitable.com
O15 - Trusted Zone: http://mpgpln.equitable.com
O15 - Trusted Zone: http://servicedesk.equitable.com
O15 - Trusted Zone: http://snwttwp1.equitable.com
O15 - Trusted Zone: http://srsprod.equitable.com
O15 - Trusted Zone: http://www.examone.com
O15 - Trusted Zone: http://advisor.fidelity.com
O15 - Trusted Zone: http://axa.financialcampus.com
O15 - Trusted Zone: http://axa-advisors.financialcampus.com
O15 - Trusted Zone: http://archive.frontbridge.com
O15 - Trusted Zone: http://w4.iscorp.com
O15 - Trusted Zone: http://access.jpmorgan.com
O15 - Trusted Zone: http://tssportal.jpmorgan.com
O15 - Trusted Zone: http://www.jpmorgan.com
O15 - Trusted Zone: http://www.jpmorganchase.com
O15 - Trusted Zone: http://www.macnamee.com
O15 - Trusted Zone: http://research.media.com
O15 - Trusted Zone: http://advtools.morningstar.com
O15 - Trusted Zone: http://www.myexamone.com
O15 - Trusted Zone: http://apps.questerra.com
O15 - Trusted Zone: http://www.questerra.com
O15 - Trusted Zone: http://www.seagullsw.com
O15 - Trusted Zone: http://*.servicedeskr11
O15 - Trusted Zone: http://www.smartmoney.com
O15 - Trusted Zone: http://*.snj1acsun21
O15 - Trusted Zone: http://*.snj1acsun22
O15 - Trusted Zone: http://*.snj1afsap33
O15 - Trusted Zone: http://*.snj1afsapdev07
O15 - Trusted Zone: http://*.sny2afsun36
O15 - Trusted Zone: http://*.sny2afsus02
O15 - Trusted Zone: http://*.172.28.170.63 (HKLM)
O15 - Trusted Zone: http://edox.axa-advisors.com (HKLM)
O15 - Trusted Zone: http://www.axadistributors.com (HKLM)
O15 - Trusted Zone: http://adr.axaonline.com (HKLM)
O15 - Trusted Zone: http://alerts.axaonline.com (HKLM)
O15 - Trusted Zone: http://inotes.axaonline.com (HKLM)
O15 - Trusted Zone: http://owaexec.axaonline.com (HKLM)
O15 - Trusted Zone: http://preprod.axaonline.com (HKLM)
O15 - Trusted Zone: http://reportcenter.axaonline.com (HKLM)
O15 - Trusted Zone: http://snwtiwp1.axaonline.com (HKLM)
O15 - Trusted Zone: http://test.axaonline.com (HKLM)
O15 - Trusted Zone: http://wtiwebopt.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.axaonline.com (HKLM)
O15 - Trusted Zone: http://*.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.chase.com (HKLM)
O15 - Trusted Zone: http://www.comcast.net (HKLM)
O15 - Trusted Zone: http://cld.equitable.com (HKLM)
O15 - Trusted Zone: http://csessbi1.equitable.com (HKLM)
O15 - Trusted Zone: http://edox.equitable.com (HKLM)
O15 - Trusted Zone: http://eqlink.equitable.com (HKLM)
O15 - Trusted Zone: http://mpgpln.equitable.com (HKLM)
O15 - Trusted Zone: http://servicedesk.equitable.com (HKLM)
O15 - Trusted Zone: http://snwttwp1.equitable.com (HKLM)
O15 - Trusted Zone: http://srsprod.equitable.com (HKLM)
O15 - Trusted Zone: http://www.examone.com (HKLM)
O15 - Trusted Zone: http://advisor.fidelity.com (HKLM)
O15 - Trusted Zone: http://axa.financialcampus.com (HKLM)
O15 - Trusted Zone: http://axa-advisors.financialcampus.com (HKLM)
O15 - Trusted Zone: http://archive.frontbridge.com (HKLM)
O15 - Trusted Zone: http://w4.iscorp.com (HKLM)
O15 - Trusted Zone: http://access.jpmorgan.com (HKLM)
O15 - Trusted Zone: http://tssportal.jpmorgan.com (HKLM)
O15 - Trusted Zone: http://www.jpmorgan.com (HKLM)
O15 - Trusted Zone: http://www.jpmorganchase.com (HKLM)
O15 - Trusted Zone: http://www.macnamee.com (HKLM)
O15 - Trusted Zone: http://research.media.com (HKLM)
O15 - Trusted Zone: http://research.mediasource.com (HKLM)
O15 - Trusted Zone: http://advtools.morningstar.com (HKLM)
O15 - Trusted Zone: http://www.myexamone.com (HKLM)
O15 - Trusted Zone: http://apps.questerra.com (HKLM)
O15 - Trusted Zone: http://www.questerra.com (HKLM)
O15 - Trusted Zone: http://www.seagullsw.com (HKLM)
O15 - Trusted Zone: http://*.servicedeskr11 (HKLM)
O15 - Trusted Zone: http://www.smartmoney.com (HKLM)
O15 - Trusted Zone: http://*.snj1acsun21 (HKLM)
O15 - Trusted Zone: http://*.snj1acsun22 (HKLM)
O15 - Trusted Zone: http://*.snj1afsap33 (HKLM)
O15 - Trusted Zone: http://*.snj1afsapdev07 (HKLM)
O15 - Trusted Zone: http://*.sny2afsun36 (HKLM)
O15 - Trusted Zone: http://*.sny2afsus02 (HKLM)
O15 - Trusted IP range: http://141.191.182.8
O15 - Trusted IP range: http://141.191.182.8 (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://asia-ml01.asia.csc.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120671730650
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = axafinancialsvc.axa-financial.intraxa
O17 - HKLM\Software\..\Telephony: DomainName = axafinancialsvc.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = axafinancialsvc.axa-financial.intraxa
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = equitable.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,equitable.com,axa-financial.intraxa
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = equitable.com,na.axa-tech.intraxa,axafinancialsvc.axa-financial.intraxa,equitable.com,axa-financial.intraxa
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\CA_LIC\lic98rmtd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DM Primer (DMPrimer) - Computer Associates - C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\TNGSD\BIN\SDServ.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 16052 bytes

0

Are you editing the HijackThis log before you post it? There are several running processes that should be showing up that are not there.

Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Try running Smitfraudfix again. Try doing it when logged in as Administrator. If still no luck, boot to safe mode and log in as Administrator and try again.
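
As an added example (not part of the original thread and not HijackThis's own code), the Python sketch below groups HijackThis log entries by section code and flags the O7 `DisableRegedit=1` policy entry named in the reply above. The O15, O16 and O23 checks are assumed review heuristics, not verdicts, and the sample lines are copied from this thread.

```python
import re
from collections import defaultdict

# Excerpt of lines that appear in this thread's log and reply.
SAMPLE_LOG = r"""
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O15 - Trusted Zone: http://*.axaonline.com
O15 - Trusted Zone: http://*.axaonline.com (HKLM)
O15 - Trusted Zone: http://www.chase.com
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O7 - ...", "O15 - ..."

# (section, substring, reason): assumed heuristics for human review.
RULES = [
    ("O7", "DisableRegedit=1", "Registry Editor disabled by policy"),
    ("O16", " - http://", "ActiveX control fetched over plain HTTP"),
    ("O23", " - Unknown owner - ", "service binary reports no company name"),
]

def parse_entries(text):
    """Group log entries by HijackThis section code."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def trusted_sites(sections):
    """Map each O15 site to its hives; an unmarked entry is taken as HKCU."""
    sites = defaultdict(set)
    for entry in sections.get("O15", []):
        value = entry.split(": ", 1)[1]
        hive = "HKLM" if value.endswith(" (HKLM)") else "HKCU"
        sites[value.removesuffix(" (HKLM)")].add(hive)
    return dict(sites)

def triage(text):
    """Return (section, reason) pairs that deserve a closer look."""
    sections = parse_entries(text)
    findings = []
    for code, needle, reason in RULES:
        findings += [(code, reason) for e in sections.get(code, []) if needle in e]
    wildcards = sorted(s for s in trusted_sites(sections) if "//*." in s)
    if wildcards:
        findings.append(("O15", "wildcard trusted sites: " + ", ".join(wildcards)))
    return findings
```
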

0

No, I did not edit the log, pasted as-is.
But guess what, my Internet Explorer problem is resolved. I couldn't thank you more for helping me, this had been such a pain in the neck. Since yesterday, ever since I fixed the files that you asked me to, it seems history. THANK YOU VERY MUCH for helping guys like me, it's a great relief.

Also, do you know how I could get Admin rights on this computer? This is my office comp but I hardly do any office stuff here.

Thanks a bunch,
a rescued survivor :)

0

You should be able to get admin rights through user accounts in Control Panel. When you log on in safe mode, you will get the option to log in as administrator.
Glad to help out too :)
