# Solved: Help with Internet Speed Monitor Pop Ups



## progjake (Nov 10, 2007)

I've been infected with whatever causes those anoying interneet speed monitor pop ups. When I would do a search on Google it would also give me that sidebar with additional links provided by internet speed monitor.

I've done a little bit of research and made a couple of attempts at fixing on my own without any luck. Some sites said to simply remove from Add/Remove programs, or to locate a folder called ISM or ISM2 and delete it along with all of its contents. I cannot find any of these folders on my system, yet I am getting pop ups with "From Internet Speed Monitor" in the title bar. Sometimes they have adds in them and sometimes they are a blank window with only the text "unable to connect to server".

I've run a full system scan with Symantec Antivirus, AdAware, and SUPERAntiSpywareProfessional (the free trial). Symantec and AdAware seemed to find a couple of things, but nothing related to Internet Speed Monitor. SUPERAntiSpyware found a file with ISM in the name so I thought I got it, but the pop ups are still coming.

From observing other posts I saw that a log file from Hijackthis is needed to begin the troubleshooting process, so I downloaded and ran a log file. I then exited the Hijackthis program without letting it fix anything.

I really appreciate any help that can be offered in getting this bug off of my system. Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:01 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://webmailb.juno.com/webmail/new/7?&count=1163126064928
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [\\MAINPC\EPSON Stylus Photo R260 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU

"C:\DOCUME~1\Adam\LOCALS~1\Temp\E_S113.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Auto EPSON Stylus Photo R260 Series on MAINPC]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU

"C:\WINDOWS\TEMP\E_S139.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.turbotax.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}:

NameServer = 191.168.11.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}:

NameServer = 191.168.11.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}:

NameServer = 191.168.11.22
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. -

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation

- C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec

AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec

AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8078 bytes

Thanks in advance for any help that can be offered.

progjake


----------



## progjake (Nov 10, 2007)

Bump


----------



## progjake (Nov 10, 2007)

Bump


----------



## progjake (Nov 10, 2007)

Help! . . . Bump


----------



## progjake (Nov 10, 2007)

Bump

Still in need of help. I know this is a very busy place and I don't want to be a nuisance, but I have been waiting almost 1 week without a single response to my post while I watch other posts get replys as quick as same day.

Any help at all would be greatly appreciated!


----------



## progjake (Nov 10, 2007)

*HELP!!!*


I am still in need of help and its been over a week now without any responses.

After reading other posts with Internet Speed Monitor problems I saw a common recommendation of running ComboFix, so I intalled and ran it on my computer. It stalled out the first time I ran it, so I ran it again. The postsed log from ComboFix looks like it included the results from the stalled session as well (the deleted files from previous run).

*Any help would be greatly appreciated!*

In the time I am typing this another Internet Speed Monitor add popped up, so I know its not completely fixed yet.

Here is the ComboFix log followed by another Hijackthis log:

ComboFix 07-11-08.1 - Adam 2007-11-17 12:42:02.2 - NTFSx86 
Running from: C:\Documents and Settings\Adam\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kddmm.exe
.
---- Previous Run -------
.
C:\Documents and Settings\Adam\My Documents\SEMBLY~1
C:\Documents and Settings\Adam\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Adam\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Adam\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\racle~1
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\asks~1

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 11:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-11-15 19:11	54,272	--a------	C:\info.exe
2007-11-09 19:31 d--------	C:\Program Files\Trend Micro
2007-11-08 20:00 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-08 19:59 d--------	C:\Program Files\SUPERAntiSpyware
2007-11-08 19:59 d--------	C:\Documents and Settings\Adam\Application Data\SUPERAntiSpyware.com
2007-11-05 20:29 d--------	C:\Program Files\QdrModule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 19:01	---------	d-----w	C:\Program Files\Symantec AntiVirus
2007-11-13 02:29	---------	d-----w	C:\Documents and Settings\Adam\Application Data\U3
2007-11-09 01:59	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-11-09 00:16	---------	d-----w	C:\Program Files\Rio
2007-11-08 02:24	9,344	----a-w	C:\WINDOWS\system32\drivers\NSDriver.sys
2007-11-08 02:24	8,320	----a-w	C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\SYSTEM32\inetcomm.dll
2002-05-28 14:19	61,440	----a-w	C:\WINDOWS\INF\i386\onetUSD.dll
2002-05-20 14:22	36,864	----a-w	C:\WINDOWS\INF\i386\Vizmicro.dll
2002-05-20 14:20	172,032	----a-w	C:\WINDOWS\INF\i386\viceo.dll
2002-05-20 14:02	225,280	----a-w	C:\WINDOWS\INF\i386\rtscan.dll
2001-08-04 00:29	13,824	----a-w	C:\WINDOWS\INF\i386\Usbscan.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-28 19:26]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 18:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 08:35]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 09:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-13 17:34]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 06:46]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 11:30]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 06:47]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-06-20 13:06]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 19:59]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\MAINPC\EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-19 03:00]
"Auto EPSON Stylus Photo R260 Series on MAINPC"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-19 03:00]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-11-01 13:51]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Wdse"="C:\PROGRA~1\COMMON~1\RACLE~1\notepad.exe" []
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-10-15 15:16]
"Mzevnhxs"="C:\WINDOWS\?asks\n?tepad.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2005-05-11 11:37:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 BASFND;BASFND;\??\C:\Program Files\Broadcom\BACS\BASFND.sys
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa52ce0-45a7-11da-95bd-000f1f15f315}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 13:06:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\extrac32.dll 34408 bytes
C:\WINDOWS\system32\nlsfunc.dll 63 bytes
C:\WINDOWS\system32\osuninst.dll 67584 bytes executable
C:\WINDOWS\system32\pxinsa64.dll 8173 bytes
C:\WINDOWS\system32\cmutil.cpl 864 bytes
C:\WINDOWS\system32\wupdmgr.dll 106496 bytes executable

scan completed successfully 
hidden files: 6

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\MAINPC\\EPSON Stylus Photo R260 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBNA.EXE /FU \"C:\\DOCUME~1\\Adam\\LOCALS~1\\Temp\\E_S113.tmp\" /EF \"HKCU\""
.
Completion time: 2007-11-17 13:13:20 - machine was rebooted 
.
--- E O F ---

Now the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:52 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmailb.juno.com/webmail/new/7?&count=1163126064928
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKCU\..\Run: [\\MAINPC\EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\DOCUME~1\Adam\LOCALS~1\Temp\E_S113.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Auto EPSON Stylus Photo R260 Series on MAINPC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S139.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Wdse] "C:\PROGRA~1\COMMON~1\RACLE~1\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Mzevnhxs] C:\WINDOWS\?asks\n?tepad.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.turbotax.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}: NameServer = 85.255.116.169,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B86A779-7401-4D0C-AAD4-8136E3E3E0A7}: NameServer = 85.255.116.169,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.169 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}: NameServer = 85.255.116.169,85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.169 85.255.112.101
O17 - HKLM\System\CS2\Services\Tcpip\..\{103A9EC1-CA91-48E7-A1C7-48E1F9B596A6}: NameServer = 85.255.116.169,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.169 85.255.112.101
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8803 bytes


----------



## progjake (Nov 10, 2007)

Bump

Still waiting for some help; any help at all. I am bumping this since it seems to have dropped off the 25 pages of this message board.


----------



## cybertech (Apr 16, 2002)

Closing thread per poster request.


----------

