# Can't get rid of Internet speed monitor



## 1sunday (Aug 14, 2007)

Can anyone help me get rid of Internet speed monitor, BndDrive.dll, and ISMModule 2? I have tried a search and pulled up the files thinking I could just delete them from my system but the system will not allow it. I am a beginner when it comes to these problems and I am trying to avoid taking it to the shop. PLEASE HELP!


----------



## MFDnNC (Sep 7, 2004)

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Double-click on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis*.
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


----------



## 1sunday (Aug 14, 2007)

1sunday said:


> Can anyone help me get rid of Internet speed monitor, BndDrive.dll, and ISMModule 2? I have tried a search and pulled up the files thinking I could just delete them from my system but the system will not allow it. I am a beginner when it comes to these problems and I am trying to avoid taking it to the shop. PLEASE HELP!


MFDnNC
I hope I haven't missed you. I was having some difficulty navigating the site. Here is the info you requested.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:55 PM, on 8/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CAPM1RSK.EXE
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\winnt\system32\ljdsrngq.exe
C:\Program Files\ISM\ISMModule2.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\mwinkmdt.exe CHD003
O4 - HKLM\..\Run: [{F1-14-42-20-ZN}] C:\winnt\system32\ljdsrngq.exe CHD003
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Task Manager.lnk = C:\WINNT\system32\taskmgr.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\ljdsrngq.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\mwinkmdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ventana de estado de Canon PC1200 iC D600 iR1200G.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

--
End of file - 7172 bytes


----------



## MFDnNC (Sep 7, 2004)

*NOTE: If you have downloaded ComboFix previously please delete that version and download it again!*

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me regardless of what it finds *with a new HijackThis log*.

This will take some time!!!!!!!!


----------



## 1sunday (Aug 14, 2007)

-Rickets; large forehead; test came back for STD’s; very little health history information on this child due to Russian adoption


----------



## 1sunday (Aug 14, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:25 PM, on 8/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CAPM1RSK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\winnt\system32\ljdsrngq.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ISM\ISMModule2.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINNT\system32\l3acdb.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\mwinkmdt.exe CHD003
O4 - HKLM\..\Run: [{F1-14-42-20-ZN}] C:\winnt\system32\ljdsrngq.exe CHD003
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Task Manager.lnk = C:\WINNT\system32\taskmgr.exe
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\ljdsrngq.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\mwinkmdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ventana de estado de Canon PC1200 iC D600 iR1200G.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

--
End of file - 7661 bytes


----------



## MFDnNC (Sep 7, 2004)

I take this seriously - if post 5 is what you think then we are done, otherwise do as I posted in post 4


----------



## 1sunday (Aug 14, 2007)

Please overlook post #5. I was working on typing a medical file for a client and that information was still in my past cache. This is the information that you requested. So far no pop ups! 
How often should the registry be cleared? Any program that you would recommend?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:50 AM, on 8/17/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
C:\WINNT\system32\CAPM1RSK.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\mwinkmdt.exe CHD003
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Task Manager.lnk = C:\WINNT\system32\taskmgr.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\mwinkmdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ventana de estado de Canon PC1200 iC D600 iR1200G.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

--
End of file - 6224 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2007 at 01:07 AM

Application Version : 3.9.1008

Core Rules Database Version : 3287
Trace Rules Database Version: 1298

Scan type : Complete Scan
Total Scan Time : 02:18:02

Memory items scanned : 297
Memory threats detected : 1
Registry items scanned : 3702
Registry threats detected : 32
File items scanned : 716644
File threats detected : 286

Adware.ZenoSearch-NVON
C:\WINNT\SYSTEM32\DWDSRNGT.EXE
C:\WINNT\SYSTEM32\DWDSRNGT.EXE
[{F1-14-42-20-ZN}] C:\WINNT\SYSTEM32\DWDSRNGT.EXE
C:\DOCUMENTS AND SETTINGS\DEFAULT\START MENU\PROGRAMS\STARTUP\TA_START.LNK
C:\WINNT\SYSTEM32\LJDSRNGQ.EXE
C:\QOOBOX\QUARANTINE\C\DOCUME~1\DEFAULT\STARTM~1\PROGRAMS\STARTUP\TA_START.LNK.VIR
C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\DWDSRNGT.EXE.VIR

Adware.Tracking Cookie
C:\Documents and Settings\voices\Cookies\[email protected][5].txt
C:\Documents and Settings\voices\Cookies\[email protected][6].txt
C:\Documents and Settings\voices\Cookies\[email protected][7].txt
C:\Documents and Settings\voices\Cookies\[email protected][8].txt
C:\Documents and Settings\voices\Cookies\[email protected][9].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][3].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\voices\Local Settings\Temp\Cookies\[email protected][2].txt

Trojan.ZenoSearch
C:\WINNT\system32\msnav32.ax
C:\QOOBOX\QUARANTINE\C\WINNT\SYSTEM32\MWINKMDT.EXE.VIR
C:\WINNT\SYSTEM32\MWINKMDT.EXE

Adware.AdSponsor
HKCR\AppId\AdBand.DLL
HKCR\AppId\AdBand.DLL#AppID

Adware.AdSponsor/ISM
HKCR\BndDrive.Band
HKCR\BndDrive.Band\CLSID
HKCR\BndDrive.Band\CurVer
HKCR\BndDrive.Band.1
HKCR\BndDrive.Band.1\CLSID
HKCR\BndDrive.BHO
HKCR\BndDrive.BHO\CLSID
HKCR\BndDrive.BHO\CurVer
HKCR\BndDrive.BHO.1
HKCR\BndDrive.BHO.1\CLSID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}#AppID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\Implemented Categories
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\InprocServer32
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\InprocServer32#ThreadingModel
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\ProgID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\TypeLib
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\VersionIndependentProgID
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\0
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\0\win32
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\FLAGS
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\HELPDIR
HKCR\AppId\{1F5E0EA2-ABEA-44c3-95EC-2D1E721FE95E}
HKU\S-1-5-21-1275210071-1957994488-1823091459-1000\Software\antica
HKU\S-1-5-21-1275210071-1957994488-1823091459-1000\Software\BndDrive
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\BNDDRIVE.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\BNDLOADER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\ISM.EXE.VIR

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

Trojan.Downloader-Gen
C:\WINNT\SYSTEM32\WINPFZ32.SYS

Adware.Unknown Origin
C:\WINNT\SYSTEM32\ZXDNT3D.CFG


----------



## MFDnNC (Sep 7, 2004)

Stay away from registry cleaners!! They do more harm than good!

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis: mark them, close IE, click fix checked

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\mwinkmdt.exe CHD003

O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\mwinkmdt.exe

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\system32\mwinkmdt.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START  RUN  type in %temp% - OK - Edit  Select all  File  Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

How are things on the PC???????????


----------



## 1sunday (Aug 14, 2007)

I do appreciate all of your help and concern. My PC is running great. Only one pop-up. This is the latest log following the latest instructions that you issued. Not sure if everything went ok with the KillBox download. When I went to check the recycle bin after making the deletion of the WINNT\temp file, there was nothing there. 
Thanx again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:18 AM, on 8/23/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\CAPM1RSK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\WINNT\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Task Manager.lnk = C:\WINNT\system32\taskmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ventana de estado de Canon PC1200 iC D600 iR1200G.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - https://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/UnSkin/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.alltel.com/lwp/static/installers/ALLTELControls.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

--
End of file - 6024 bytes
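
One way to confirm that a follow-up HijackThis log no longer references the file targeted by the fix instructions, as an added example that is not part of the original thread. The function names are hypothetical, and the two sample logs are short excerpts assembled from entries quoted in the thread.

```python
import re

# A HijackThis result line starts with a section code (R0, O4, O16, O23, ...)
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_log(log_text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first coded entry ends the process list.
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def still_present(log_text, target_paths):
    """Return (section, text) items that still mention a targeted path.

    Windows paths are case-insensitive, and the scanner output and the
    HijackThis log spell the same file with different casing, so both
    sides are lowercased before comparing.
    """
    targets = [t.lower() for t in target_paths]
    processes, entries = parse_log(log_text)
    hits = [("process", p) for p in processes
            if any(t in p.lower() for t in targets)]
    hits += [(code, body) for code, body in entries
             if any(t in body.lower() for t in targets)]
    return hits


# Path as the scanner reported it (upper case); the log uses lower case.
TARGETS = [r"C:\WINNT\SYSTEM32\MWINKMDT.EXE"]

# Excerpt assembled from entries quoted in the thread (before the fix).
BEFORE_LOG = r"""Running processes:
C:\WINNT\system32\winlogon.exe
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\mwinkmdt.exe CHD003
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\mwinkmdt.exe
"""

# Excerpt assembled from the follow-up log (after the fix).
AFTER_LOG = r"""Running processes:
C:\WINNT\system32\winlogon.exe
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Task Manager.lnk = C:\WINNT\system32\taskmgr.exe
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        hits = still_present(log, TARGETS)
        print(label, "->", len(hits), "reference(s)")
        for section, text in hits:
            print("   ", section, text)
```

The match is a plain substring test on the full path, so an entry that refers to the same file through an 8.3 short name (the `PROGRA~1` style seen elsewhere in the log) would need its long-path form added to the target list.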


----------



## MFDnNC (Sep 7, 2004)

How are things?


----------

