Jump to content


Photo

Computer keeps sending out the same emails over and over


  • This topic is locked This topic is locked
6 replies to this topic

#1 texwinter

texwinter

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 29 June 2007 - 12:59 AM

Howdy folks,

I have a computer hooked up to satellite internet (starband.net). I have tried using online virus checkers, but they keep timing out. I am running Kaspersky Antivirus, Webroot Spysweeper, but my machine just sends out the same emails over and over, and some have an attachment with *.eml file. I hope someone sees something in this HijackThis file. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:53:57 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
C:\Program Files\StarBand\Mission Control\TaskBarClient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
C:\Program Files\Gilat\NetAgent.exe
C:\PROGRA~1\StarBand\MISSIO~1\evrep.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
K:\hijackthis\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by StarBand
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\KHALMNPR.Exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] "C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE"
O4 - HKLM\..\Run: [MDDiskProtect.exe] "C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RetroExpress] "C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe" /h
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HsuGuiControl] "C:\Program Files\StarBand\\Mission Control\HsuGui\HsuGuiControl.exe"
O4 - HKLM\..\Run: [TaskBarClient] "C:\Program Files\StarBand\\Mission Control\TaskBarClient.exe"
O4 - HKLM\..\Run: [NettGain2000 Verifier] "C:\Program Files\Flash Networks\NettGain2000\Bst\NettGain2000 Verifier.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [NettGain2000] "C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O13 - DefaultPrefix:
O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.virtualearth.net
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://wvmls.fnismls...rintControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://shutterbug.in...x/PCAXSetup.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gilat Quality Measurement Service (Gilat QMS) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\QMS\QMS.exe
O23 - Service: Gilat host software update service (GilatHSU) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\GSU\GSU.exe
O23 - Service: Gilat Network Agent Service (GilatNetAgent) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\NetAgent.exe
O23 - Service: Gilat IBQoS Agent (ibqossvc) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\IBQoS\ibqossvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: RPAService - Unknown owner - C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WgwService - Unknown owner - C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe

#2 texwinter

texwinter

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 02 July 2007 - 05:06 PM

Hi all,

I am still having the same issues. Any help would be appreciated.

Howdy folks,

I have a computer hooked up to satellite internet (starband.net). I have tried using online virus checkers, but they keep timing out. I am running Kaspersky Antivirus, Webroot Spysweeper, but my machine just sends out the same emails over and over, and some have an attachment with *.eml file. I hope someone sees something in this HijackThis file. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:53:57 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
C:\Program Files\StarBand\Mission Control\TaskBarClient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
C:\Program Files\Gilat\NetAgent.exe
C:\PROGRA~1\StarBand\MISSIO~1\evrep.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
K:\hijackthis\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by StarBand
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\KHALMNPR.Exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] "C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE"
O4 - HKLM\..\Run: [MDDiskProtect.exe] "C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RetroExpress] "C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe" /h
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HsuGuiControl] "C:\Program Files\StarBand\\Mission Control\HsuGui\HsuGuiControl.exe"
O4 - HKLM\..\Run: [TaskBarClient] "C:\Program Files\StarBand\\Mission Control\TaskBarClient.exe"
O4 - HKLM\..\Run: [NettGain2000 Verifier] "C:\Program Files\Flash Networks\NettGain2000\Bst\NettGain2000 Verifier.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [NettGain2000] "C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O13 - DefaultPrefix:
O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.virtualearth.net
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://wvmls.fnismls...rintControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://shutterbug.in...x/PCAXSetup.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gilat Quality Measurement Service (Gilat QMS) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\QMS\QMS.exe
O23 - Service: Gilat host software update service (GilatHSU) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\GSU\GSU.exe
O23 - Service: Gilat Network Agent Service (GilatNetAgent) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\NetAgent.exe
O23 - Service: Gilat IBQoS Agent (ibqossvc) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\IBQoS\ibqossvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
O23 - Service: RPAService - Unknown owner - C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WgwService - Unknown owner - C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe



#3 suebaby41

suebaby41

    Advanced Member

  • Full Member
  • PipPipPip
  • 165 posts

Posted 05 July 2007 - 12:28 PM

Welcome to the SpywareInfo Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please observe the following guidelines:During the cleaning process, if any other issues appear, please let us know.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (United Network of Instructors and Trained Eliminators)
Graduate of Malware Removal University

Join The Fight Against Malware

#4 texwinter

texwinter

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 08 July 2007 - 06:41 PM

I have not used the computer since I posted the HijackThis log, so nothing has changed. Any help is appreciated.

#5 suebaby41

suebaby41

    Advanced Member

  • Full Member
  • PipPipPip
  • 165 posts

Posted 21 July 2007 - 11:57 AM

Sorry for the delay in responding. Please post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (United Network of Instructors and Trained Eliminators)
Graduate of Malware Removal University

Join The Fight Against Malware

#6 suebaby41

suebaby41

    Advanced Member

  • Full Member
  • PipPipPip
  • 165 posts

Posted 21 July 2007 - 06:21 PM

I have some suggestions. If this does not fix your problem, let me know.

Step 1

I noticed that you have some programs that need to be updated.

Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • On your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the JAVA SOFTWARE MANUAL DOWNLOAD page.

Step 2

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 3

To help prevent further infection, please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
  • Please check this link, Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.
Step 4

Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.

Please download and install AVG Anti-Spyware (formerly Ewido).
  • Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active Internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon. and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • If you are having problems with the updater, you can use this link, AVG Anti-Spyware manual updates, to manually update AVG Anti-Spyware..
  • Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Scan With AVG Anti-Spyware. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process.
  • Close ALL open Windows / Programs / Folders. Reboot to Safe Mode (without networking support !) If you donít know how to boot in Safe Mode, here is a tutorial, How To Start Windows in Safe Mode.
  • Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All boxes should be checked.
      • Under Possibly unwanted software:
        • All boxes should be checked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in Normal Mode.
Step 5

In Normal Mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Microô HouseCall
Windows Live Safety Center Free Online Scan
When you have completed the scans, if you get a report of files that canít be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please edit the log(s) and remove:
  • items listed as "Object is locked skipped"
  • items reported that are in an antivirus quarantine folder
Please post the edited list in your next reply.


Step 6

The ATF-Cleaner program is for XP and Windows 2000 only.[/b]
ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 7

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present


The O6's above should only be present for one or more of the following reasons:
  • You set the restrictions on purpose.
  • You used an anti-spyware program like Spybot -S&D's Home Page and Option Lock down features in the Immunize section of Spybot-S&D.
  • Your workplace administrator or network administrator set the restrictions.
If none of the above reasons apply, check them to be fixed with HijackThis.

Step 8

We need to disable Windows Defender's realtime protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender
  • Click on Tools
  • Click on General Settings
  • Scroll down to Real-time protection options
  • Uncheck Turn on Real-time protection (recommended)
  • Click Save
  • Exit the program.
Note: After all of the fixes are complete, it is very important that you enable Real-time Protection again.

Step 9

We need to disable the TrojanHunter Guard Realtime Monitor as it may interfere with the fixes that we need to make. To disable TrojanHunter Guard:
  • Right click on the icon in your System Tray.
  • Click Exit
  • Make sure that the program, TrojanHunter itself, is also closed/not running.
Step 10

We need to disable Spy Sweeper. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.
  • Open Spy Sweeper
  • Click Options
  • Click Program Options
  • Uncheck Load at windows startup.
  • Click Shields
  • Uncheck everything.
  • Uncheck Home Page Shield.
  • Uncheck Automatically restore default without notification.
Don't forget to reinstate Spy Sweeper when your machine is clean by re-checking everything you unchecked above.

Step 11

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Step 12

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan Place checks next to the following entries (make sure not to miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O13 Ė DefaultPrefix:


These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.

hpsysdrv.exe (HP Utility To Monitor Recoveries) process can be removed to free up resources without compromising system performance. hpsysdrv.exe is a utility from HP which monitors how many recoveries have been made in Microsoft Office suite. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

HDAudPropShortcut.exe (High Definition Audio Property Page Shortcut) process can be removed to free up resources without compromising system performance. HDAudPropShortcut.exe (High Definition Audio Property Page Shortcut) is Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

hkcmd.exe (Intel 810 and 815 chipset graphic drivers) process can be removed to free up resources without compromising system performance. Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar key presses to access Intel's customized graphics properties, you need it, otherwise not. Can be disabled via the Display Properties in Control Panel. This is a valid program, but it is up to you whether or not you want it to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [HotKeysCmds C:\WINDOWS\system32\hkcmd.exe


KBD.EXE (Multimedia keyboard manager)
process can be removed to free up resources without compromising system performance. Whether or not you need to run this program on startup must be decided by you. Multimedia keyboard manager. Required if you use the multimedia keys, If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

soundman.exe (Realtek AC97 Audio Sound Manager) process can be removed to free up resources without compromising system performance. System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

ALCWZRD.EXE (RealTek High Definition audio driver related) process can be removed to free up resources without compromising system performance. RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM......Run: [AlcWzrd] ALCWZRD.EXE

lsburnwatcher.exe process can be removed to free up resources without compromising system performance. Used for automatically updating HP programs. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

Khalmnpr.exe (Logitech Bluetooth mouse Hardware Abstraction layer) process can be removed to free up resources without compromising system performance. Logitech Bluetooth mouse Hardware Abstraction layer. A "hardware abstraction layer" is an interface that enables adding support for new devices and new ways of connecting devices to the computer, without modifying every application that uses the device. "This process is Logitech's mouse sensitivity monitor. When you enable Logitech's own sensitivity management, this process is required. This will allow you to change sensitivity on a per program level using their profile manager inside SetPoint." Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

MediaLifeService.exe (MediaPlay Cordless Mouse from Logitech) process can be removed to free up resources without compromising system performance. Related to MediaPlay Cordless Mouse from Logitech. User's choice - depends whether a user deems it necessary. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"

CameraAssistant.exe (Logitech QuickCams) process can be removed to free up resources without compromising system performance. Related to Logitech QuickCams and provides additional configuration options for these devices. This is a valid program but it is not required to run on startup as you can start it manually if you need it. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"

InstallHelper.exe (LogitechVideo[inspector]) process can be removed to free up resources without compromising system performance. Related to QuickCam software from Logitech. Note: Located in C:\Program Files\Logitech\Video\. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe

ElkCtrl.exe (Logitech Camera Service)
process can be removed to free up resources without compromising system performance. Related to Logitech Camera Service and provides additional configuration options for these devices. This is a valid program but it is not required to run on startup as you can start it manually if you need it. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation

Macvntfy.exe (Mediafour Xplay) process can be removed to free up resources without compromising system performance. Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularly, start manually before connecting the iPod. This is a valid program, but it is up to you whether or not you want it to run on startup. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto

Xptryicn.exe (Mediafour Xplay Tray Notification Icon) process can be removed to free up resources without compromising system performance. Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod. This is a valid program, but it is up to you whether or not you want it to run on startup. This program is not required to start automatically as you can start it manually if you need it. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] "C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE"

mddiskprotect.exe (MediaFour MacDrive for Windows)
process can be removed to free up resources without compromising system performance. This is a valid program but it is not required to run on startup. This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [MDDiskProtect.exe] "C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe"

HPWuSchd2.exe and HPWuSchd.exe (HP software updates) process can be removed to free up resources without compromising system performance. This is the HP software updates. If a shortcut doesn't exist, create your own and run it manually This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

msnmsgr.exe (MSN Messenger From Microsoft) (Windows Messenger) is the Microsoft instant messaging program built into Windows XP. There is also a Windows Messenger service built into Windows XP that helps produce pop up ads via IP addresses. The two programs are completely separate and do different things even though Microsoft has essentially named them the same. MSN Messenger from Microsoft is an online chat, instant messaging program and file sharing program bundled with Windows and Microsoft Office. MSN Messenger is another chat program from Microsoft that can run simultaneously with Windows Messenger. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger".
Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
msmsgs.exe (MSN Messenger Internet chat tool) is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers. The Windows Messenger from Microsoft provides Online Chat and Instant Messaging. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger".
A tray bar is also installed alongside this process for easy access to its features which include Internet chat, file sharing and audio/video conferencing. This is a non-essential process. Disabling or enabling it is down to user preference. process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

IDriverT.exe (InstallShield- InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. idrivert.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for the service identified in the 023 line of HijackThis and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

ipodservice.exe is a process belonging to Apple's iTunes peer-to-peer download tool. The ipodservice.exe process is a utility used to download mp3 files for your iPod. If you do not use it, or do not have an iPod, you can safely disable this process. This process can be removed to free up resources without compromising system performance. It is advised that you disable this program so that it does not take up necessary resources. To disable ipodservice, click Start > Settings > Control Panel > Performance and Maintenance > Administrative Tools > Services. Find the IpodService, Right-click and select Properties. Change the setting in StartUp type: to Disabled or click Start > Run. Type services.msc Find the IpodService, Right-click and select Properties. Change the setting in StartUp type to Disabled to disable the service. Item(s) to fix in HijackThis:

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

If you did not add the listed domains to the Trusted Zones yourself, have HijackThis fix them.

O15 - Trusted Zone: *.fnismls.com
O15 - Trusted Zone: *.getmedianow.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.virtualearth.net


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 13

Letís run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

[color="blue"]Step 14

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the logs from [b]AVG Anti-Spyware
and the list of filenames and locations for any files that canít be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (United Network of Instructors and Trained Eliminators)
Graduate of Malware Removal University

Join The Fight Against Malware

#7 suebaby41

suebaby41

    Advanced Member

  • Full Member
  • PipPipPip
  • 165 posts

Posted 19 August 2007 - 05:17 PM

This subject is now closed. If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (United Network of Instructors and Trained Eliminators)
Graduate of Malware Removal University

Join The Fight Against Malware




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button