http://redir.ws/5com Problem

Unknown · May 2007

Hello, I am having a big problem viewing youtube and amazon.com... Every time I try to visit these sites it comes up as 'http://redir.ws/5com/ and then redirects me to www.miaminews365.xxx......... Anyways, I did a scan with HijackThis, and this is what my log looks like... Any help would be awesome. Thanks...

Logfile of HijackThis v1.99.1
Scan saved at 4:28:46 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\PLUGINS\filez\winamp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.juno.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\gqnepdjb.dll",realset
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .lnk = C:\Program Files\Internet Explorer\PLUGINS\filez\winamp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://my.juno.com/s/sp?r=al&cf=sp
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FFB3818-1C77-4B07-BFC1-B4AE25E00C2E}: NameServer = 205.171.3.65 205.171.2.65
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

muuli · May 2007

Hello jessealanier

I'll check your log, please wait

muuli · May 2007

Hi jessealanier

Please rename HijackThis.exe to Scanner.exe.

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please post a fresh HijackThis log and VundoFix log

jessealanier · May 2007

Hello Muuli, I have done what you asked, and here are the results...
thank you!

VundoFix V6.3.21
Checking Java version...
Sun Java not detected
Scan started at 2:00:36 PM 5/6/2007
Listing files found while scanning....
C:\Documents and settings\end user\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\end user\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
c:\windows\repair\rasdoc.dll
C:\WINDOWS\system32\ahmjhsbe.dll
C:\WINDOWS\system32\bwwvamsh.dll
C:\WINDOWS\system32\cdgpbxsf.dll
C:\WINDOWS\system32\dogowdua.dll
C:\WINDOWS\system32\dovgrkwg.dll
C:\WINDOWS\system32\eaypycfh.dll
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fnvgutud.dll
C:\WINDOWS\system32\gjobpkmc.dll
C:\WINDOWS\system32\gmrvstxb.dll
C:\WINDOWS\system32\gwkrgvod.ini
C:\WINDOWS\system32\htoxdjbs.dll
C:\WINDOWS\system32\iifggff.dll
C:\WINDOWS\system32\inqyukoq.dll
C:\WINDOWS\system32\jbwlpmvv.dll
C:\WINDOWS\system32\jhvcsrwc.dll
C:\WINDOWS\system32\lwerkqrw.dll
C:\WINDOWS\system32\midlqfnq.dll
C:\WINDOWS\system32\nhibgxlb.dll
C:\WINDOWS\system32\nkjtjbps.dll
C:\WINDOWS\system32\opnmmnk.dll
C:\WINDOWS\system32\otrrqdno.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\puqadbpf.dll
C:\WINDOWS\system32\qkgupqyb.dll
C:\WINDOWS\system32\rhruqxhu.dll
C:\WINDOWS\system32\rpvmihhe.dll
C:\WINDOWS\system32\rtmmymjv.dll
C:\WINDOWS\system32\sdbgprjx.ini
C:\WINDOWS\system32\skcvimuv.dll
C:\WINDOWS\system32\sneqjyvk.dll
C:\WINDOWS\system32\sxcgkdte.dll
C:\WINDOWS\system32\tixivtoe.dll
C:\WINDOWS\system32\tqwvnonl.dll
C:\WINDOWS\system32\uqwewtdo.dll
C:\WINDOWS\system32\vqndtkpx.dll
C:\WINDOWS\system32\wtlypxse.dll
C:\WINDOWS\system32\wxrkfuvm.dll
C:\WINDOWS\system32\xjrpgbds.dll
C:\WINDOWS\system32\ygsmbnox.dll
C:\WINDOWS\system32\ysbldeci.dll
Beginning removal...
Attempting to delete C:\Documents and settings\end user\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\end user\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
Attempting to delete C:\Documents and settings\end user\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\end user\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
Attempting to delete c:\windows\repair\rasdoc.dll
c:\windows\repair\rasdoc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ahmjhsbe.dll
C:\WINDOWS\system32\ahmjhsbe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bwwvamsh.dll
C:\WINDOWS\system32\bwwvamsh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cdgpbxsf.dll
C:\WINDOWS\system32\cdgpbxsf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dogowdua.dll
C:\WINDOWS\system32\dogowdua.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dovgrkwg.dll
C:\WINDOWS\system32\dovgrkwg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\eaypycfh.dll
C:\WINDOWS\system32\eaypycfh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\fnvgutud.dll
C:\WINDOWS\system32\fnvgutud.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gjobpkmc.dll
C:\WINDOWS\system32\gjobpkmc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gmrvstxb.dll
C:\WINDOWS\system32\gmrvstxb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gwkrgvod.ini
C:\WINDOWS\system32\gwkrgvod.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\htoxdjbs.dll
C:\WINDOWS\system32\htoxdjbs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifggff.dll
C:\WINDOWS\system32\iifggff.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\inqyukoq.dll
C:\WINDOWS\system32\inqyukoq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jbwlpmvv.dll
C:\WINDOWS\system32\jbwlpmvv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jhvcsrwc.dll
C:\WINDOWS\system32\jhvcsrwc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lwerkqrw.dll
C:\WINDOWS\system32\lwerkqrw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\midlqfnq.dll
C:\WINDOWS\system32\midlqfnq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nhibgxlb.dll
C:\WINDOWS\system32\nhibgxlb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nkjtjbps.dll
C:\WINDOWS\system32\nkjtjbps.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnmmnk.dll
C:\WINDOWS\system32\opnmmnk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\otrrqdno.dll
C:\WINDOWS\system32\otrrqdno.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmkhf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\puqadbpf.dll
C:\WINDOWS\system32\puqadbpf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qkgupqyb.dll
C:\WINDOWS\system32\qkgupqyb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rhruqxhu.dll
C:\WINDOWS\system32\rhruqxhu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rpvmihhe.dll
C:\WINDOWS\system32\rpvmihhe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtmmymjv.dll
C:\WINDOWS\system32\rtmmymjv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sdbgprjx.ini
C:\WINDOWS\system32\sdbgprjx.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\skcvimuv.dll
C:\WINDOWS\system32\skcvimuv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sneqjyvk.dll
C:\WINDOWS\system32\sneqjyvk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tixivtoe.dll
C:\WINDOWS\system32\tixivtoe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tqwvnonl.dll
C:\WINDOWS\system32\tqwvnonl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uqwewtdo.dll
C:\WINDOWS\system32\uqwewtdo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vqndtkpx.dll
C:\WINDOWS\system32\vqndtkpx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wtlypxse.dll
C:\WINDOWS\system32\wtlypxse.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wxrkfuvm.dll
C:\WINDOWS\system32\wxrkfuvm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xjrpgbds.dll
C:\WINDOWS\system32\xjrpgbds.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ygsmbnox.dll
C:\WINDOWS\system32\ygsmbnox.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ysbldeci.dll
C:\WINDOWS\system32\ysbldeci.dll Has been deleted!
Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 2:09:33 PM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\PLUGINS\filez\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.juno.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PsapiAnalyzer Object - {0A99A153-E4A0-4124-9DBE-AFADC0C902B6} - c:\windows\repair\rasdoc.dll (file missing)
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\autodiscb.dll
O2 - BHO: (no name) - {16E01569-8EC2-43E3-BD55-618492CA3163} - C:\WINDOWS\system32\njkbfntj.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: (no name) - {51C9DD43-BDA1-4012-BA1A-97EFC0C2EBBA} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\gqnepdjb.dll",realset
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .lnk = C:\Program Files\Internet Explorer\PLUGINS\filez\winamp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://my.juno.com/s/sp?r=al&cf=sp
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

I Hope this helps... Thank you again!

muuli · May 2007

Hi jessealanier

Please create the unistall list for your computer.

Open Hijackthis.
Press Open the Misc Tools section.
Press Open Uninstall Manager.
Press Save list...
Save the Uninstall_list.txt file on your Desktop and post your next reply.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

Please post a fresh HijackThis log, deckard's system scanner log and your uninstall list

http://redir.ws/5com Problem

Comments