IE6 Lockup
Hello,
I had to uninstall Internet Explorer 7 yesterday. Afterwards when I double-clicked Internet Explorer, it would open the webpage that was set up as the default web page, however if I typed a website in, or if I clicked on a link that would open another web page, multiple IE windows would open up and lock up my computer.
Also, I am having a problem with two things that I believe are connected to each other. When I use the search feature in Windows (Start/Search), in the list of results, if I right-click a file and select open containing folder, nothing happens. And if I open the properties box on a shortcut (select shortcut, right-click, properties) and then select the "Find target" button, nothing happens.
In both cases Windows Explorer should open to the folder containing the file referenced.
How can I check if I have a virus or spyware that is causing this?
Thanks
Rob
This discussion has been closed.
Comments
Please describe what exactly you did/tried to do?
If you can't get to websites with the affected computer you should download a self-extracting copy of HijackThis to a working computer from here:
http://downloads.malwareremoval.com/hijackthis_sfx.exe
Save it to the Desktop.
Transfer it via CD/floppy to the affected computer whilst it is offline.
Double-click on the hijackthis_sfx.exe file and it will self-extract into its own folder:
C:\Program Files\HijackThis
Open this folder and rename the hijackthis.exe file to scanner.exe.
You now have ...
C:\Program Files\HijackThis\scanner.exe.
Open that file and, from the menu, click on "Do a system scan and save a logfile".
Copy and paste the HJT logfile to this thread. More specific removal instructions will follow for any malware revealed.
MM
What I did was go to Add/Remove and uninstall IE7. This caused a rollback to IE6. Afterwards when I would open Internet Explorer, whatever website IE6 would open to, say the default homepage www.yahoo.com, it would open okay. However if I tried to go to the address bar and type for example www.google.com and press enter, then IE6 would begin to open up multiple windows and freeze up. These windows were all blank.
I figured out a way to go to other websites by doing a start/file/run and putting in a web address or URL and clicking OK. This would open a window directly to the page which I wanted to go to. I have reinstalled IE7 and the problem has gone away. However, I feel that I am going to have to back up my computer and reformat and reinstall the computer.
My trouble started when I uninstalled Norton Internet Security 2005 to install AOL SAFETY AND SECURITY CENTER. NIS was detected by SSC and wouldn't run because of multiple firewalls and antivirus programs detected. I downloaded the Norton removal tool to remove NIS and reinstall SSC again to have the same problem. In all this I have gone through different registry changes supervised by a Symantec tech. Still couldn't get SSC installed.
My computer is having more and more problems, I'm sure that there is malware here that the software I have purchased "StopZilla" hasn't found.
Anyway, here is my HJT log, I'd appreciate it if you would look over it.
Logfile of HijackThis v1.99.1
Scan saved at 12:19:18 PM, on 07/11/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\AOL\1176967536\ee\AOLSoftware.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\WinTV\scheduler\TitanTV.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176967536\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Startup: Creative Technology Volume Tray.lnk = C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
O4 - Startup: Nero DVD tray.lnk = C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\scheduler\TitanTV.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176711944515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176572622125
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Filter: text/salt+html - {407AADC1-FF74-4885-AB6D-67AF452F531A} - C:\Program Files\Microsoft Speech Application SDK 1.0\Client\SaltFilter.dll
O18 - Filter: text/salt+html; charset=utf-8 - {407AADC1-FF74-4885-AB6D-67AF452F531A} - C:\Program Files\Microsoft Speech Application SDK 1.0\Client\SaltFilter.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0252351183590670) (0252351183590670mcinstcleanup) - Unknown owner - C:\DOCUME~1\Rob\LOCALS~1\Temp\025235~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - Unknown owner - C:\Program Files\Common Files\AOL\1176967536\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - Unknown owner - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\mcafee.com\personal firewall\MPFService.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
But I believe my system may already be corrupted badly. My video drivers and CD-ROM drivers wouldn't load at one point. I reinstalled drivers over and over. Finally I found a fix for the CD drives, but I still can't get the video drivers to load.
I have a Windows Update icon in my notification area. When I click it, it just goes away. When I try to run Windows Update from within IE,
I get this error
Please change your Internet Explorer security settings
To save changes to your settings for this website, you need to enable userdata persistence for Internet Explorer. Complete the steps below, and then click Change settings to the left and try saving your changes again.
In Internet Explorer, on the Tools menu, click Internet Options.
Click the Security tab, click the Internet security zone icon, and then click Custom Level.
In the Settings dialog box, scroll to the Miscellaneous section.
Under Userdata persistence, select Enable.
Click OK and when the security warning dialog box appears, click Yes.
Read more about steps you can take to resolve this problem (error number 0x800A0046) yourself. <---This is the link to "http://www.update.microsoft.com/windowsupdate/v6/troubleshoot.aspx?err=0x800A0046&ln=en"
I tried the fix described to no avail.
I'm going to try to reinstall SSC.
Rob
So I can't get the update to work! :-(
You look as if you are indeed having software clashes so I wish you luck in sorting that out.
In the meantime you should try a deeper scanner. I recommend you do this.
***********************
Make sure you have exposed all Hidden Files & Folders.
To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.
***********************
Please download and install Superantispyware here:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
***********************
Empty your recycle bin
*******************
Rehide your Hidden Files & Folders by carrying out the reverse operation to that described at the start of this post & reboot to normal mode.
We'll go from there.
MM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/13/2007 at 09:14 AM
Application Version : 3.9.1008
Core Rules Database Version : 3259
Trace Rules Database Version: 1279
Scan type : Complete Scan
Total Scan Time : 02:08:27
Memory items scanned : 631
Memory threats detected : 0
Registry items scanned : 7630
Registry threats detected : 4
File items scanned : 111303
File threats detected : 16
Browser Hijacker.Apropos Media/PeopleOnPage
HKLM\Software\Classes\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\Implemented Categories
HKCR\CLSID\{7DD95801-9882-11CF-9FA9-00AA006C42C4}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Adware.Tracking Cookie
C:\Documents and Settings\Rob\Cookies\rob@tacoda[1].txt
C:\Documents and Settings\Rob\Cookies\rob@ads.web.aol[1].txt
C:\Documents and Settings\Rob\Cookies\rob@fastclick[1].txt
C:\Documents and Settings\Rob\Cookies\rob@2o7[2].txt
C:\Documents and Settings\Rob\Cookies\rob@atwola[1].txt
C:\Documents and Settings\Rob\Cookies\rob@msnportal.112.2o7[1].txt
C:\Documents and Settings\Rob\Cookies\rob@server.iad.liveperson[3].txt
C:\Documents and Settings\Rob\Cookies\rob@server.iad.liveperson[1].txt
C:\Documents and Settings\Rob\Cookies\rob@partner2profit[1].txt
C:\Documents and Settings\Rob\Cookies\rob@specificclick[2].txt
C:\Documents and Settings\Rob\Cookies\rob@msnservices.112.2o7[1].txt
C:\Documents and Settings\Rob\Cookies\rob@nextag[1].txt
C:\Documents and Settings\Rob\Cookies\rob@ar.atwola[1].txt
C:\Documents and Settings\Rob\Cookies\rob@ads.pointroll[1].txt
C:\Documents and Settings\Rob\Cookies\rob@questionmarket[1].txt
C:\Documents and Settings\Rob\Cookies\rob@revsci[2].txt
Logfile of HijackThis v1.99.1
Scan saved at 9:44:29 AM, on 07/13/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\AOL\1176967536\ee\AOLSoftware.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\WinTV\scheduler\TitanTV.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Hijackthis\scanner.exe
HiJackThis Log
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176967536\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Creative Technology Volume Tray.lnk = C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
O4 - Startup: Nero DVD tray.lnk = C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\scheduler\TitanTV.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176711944515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176572622125
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Filter: text/salt+html - {407AADC1-FF74-4885-AB6D-67AF452F531A} - C:\Program Files\Microsoft Speech Application SDK 1.0\Client\SaltFilter.dll
O18 - Filter: text/salt+html; charset=utf-8 - {407AADC1-FF74-4885-AB6D-67AF452F531A} - C:\Program Files\Microsoft Speech Application SDK 1.0\Client\SaltFilter.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0252351183590670) (0252351183590670mcinstcleanup) - Unknown owner - C:\DOCUME~1\Rob\LOCALS~1\Temp\025235~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Please update Superantispyware to the latest definitions then rescan your computer with it again.
Save the scan log report as you did before.
***********
Open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to these entries IF still present ...
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.
***********
I see you have run Panda ActiveScan in the past. Please run another scan with this program now and save the log report.
In your next post please include the Superantispyware and ActiveScan reports.
I can't see anything else in the logs to give me reason to suspect malware. How is your computer acting now? Do you still have the "multiple IE windows" problem and/or the start/search/"find target" issues?
Have you tried browsing with an alternative browser (e.g. Firefox)? If so what happened? Still the same problems?
Anything else wrong or have things improved?
OJ
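The triage step in the reply above (ticking entries marked "(no file)") can be done mechanically over a saved HijackThis log. The following is an added example, not part of the original thread or of HijackThis itself; the function names `parse_line` and `triage` are hypothetical, and the sample is assembled from lines posted in this thread. A flagged entry is a candidate for review, since the marker only reports what HijackThis could resolve on disk.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail clsid orphaned unknown_owner")

# Section code ("O23", "R3", ...) followed by " - " and the entry text.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# Markers HijackThis appends when it cannot find the referenced file.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Return an Entry for a HijackThis item line, or None for anything
    else (header lines, the running-process list, forum prose)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    kind, sep, detail = rest.partition(": ")
    if not sep:                      # entry without a "Kind: " prefix
        kind, detail = "", rest
    clsid = CLSID_RE.search(rest)
    return Entry(
        code=code,
        kind=kind,
        detail=detail,
        clsid=clsid.group(0) if clsid else None,
        orphaned=bool(ORPHAN_RE.search(rest)),
        # Only O23 (services) lines carry an owner/vendor field.
        unknown_owner=(code == "O23" and " - Unknown owner - " in rest),
    )


def triage(log_text):
    """Split a log into orphaned entries (registry item, no file on disk)
    and services with no vendor string whose file does exist."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "total": len(entries),
        "orphaned": [e for e in entries if e.orphaned],
        "unknown_owner": [e for e in entries
                          if e.unknown_owner and not e.orphaned],
    }


# Sample assembled from lines posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: McAfee Application Installer Cleanup (0252351183590670) (0252351183590670mcinstcleanup) - Unknown owner - C:\DOCUME~1\Rob\LOCALS~1\Temp\025235~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["orphaned"]:
        print("orphaned     ", e.code, e.kind, "|", e.clsid or e.detail)
    for e in result["unknown_owner"]:
        print("unknown owner", e.code, "|", e.detail)
```
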
SuperAntivirus Scan
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/13/2007 at 02:09 PM
Application Version : 3.9.1008
Core Rules Database Version : 3269
Trace Rules Database Version: 1280
Scan type : Complete Scan
Total Scan Time : 02:03:00
Memory items scanned : 596
Memory threats detected : 0
Registry items scanned : 7616
Registry threats detected : 0
File items scanned : 111598
File threats detected : 9
Adware.Tracking Cookie
C:\Documents and Settings\Rob\Cookies\rob@ads.web.aol[1].txt
C:\Documents and Settings\Rob\Cookies\rob@msnportalbeetoffice2007.112.2o7[1].txt
C:\Documents and Settings\Rob\Cookies\rob@2o7[1].txt
C:\Documents and Settings\Rob\Cookies\rob@atwola[1].txt
C:\Documents and Settings\Rob\Cookies\rob@247realmedia[1].txt
C:\Documents and Settings\Rob\Cookies\rob@msnportal.112.2o7[1].txt
C:\Documents and Settings\Rob\Cookies\rob@shortmedia.us.intellitxt[1].txt
C:\Documents and Settings\Rob\Cookies\rob@ar.atwola[1].txt
C:\Documents and Settings\Rob\Cookies\rob@revsci[2].txt
Panda Active Scan
Incident Status Location
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rob\Cookies\rob@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rob\Cookies\rob@com[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rob\My Documents\OLD COMPUTER FILES\2006 CFROBW-LAPTOP FILES\Desktop\Security Testing Center\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rob\My Documents\OLD COMPUTER FILES\2006 CFROBW-LAPTOP FILES\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rob\My Documents\OLD COMPUTER FILES\2006 CFROBW-LAPTOP FILES\My Documents\Security Testing Center\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Rob\My Documents\OLD COMPUTER FILES\cwshredder\smitRem.exe[smitRem/Process.exe]
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Rob\My Documents\OLD COMPUTER FILES\Software\AOL Active Virus Shield\avs.msi[unk_0061][tbhelper.dll]
STOPZilla Scan
Block/Extraction Pop-up blocker 2007-07-14 08:14:24 Extracted package VirusBurst
Block/Extraction Registry enforcer 2007-07-14 08:14:24 Extracted registry key HKUS\S-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\zonemap\ranges
Block/Extraction Registry enforcer 2007-07-14 08:14:23 Extracting registry value hklm\software\licenses
Block/Extraction Pop-up blocker 2007-07-14 08:14:22 Extracted package BHO Plugin
Block/Extraction Registry enforcer 2007-07-14 08:14:22 Extracted registry key hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\qksrv.net
Block/Extraction Pop-up blocker 2007-07-14 08:14:22 Removed registry path="hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\linksynergy.com"
Block/Extraction Pop-up blocker 2007-07-14 08:14:22 Removed registry path="hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\fastclick.net"
Block/Extraction Pop-up blocker 2007-07-14 08:14:22 Removed registry path="hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\fastclick.com"
Block/Extraction Pop-up blocker 2007-07-14 08:14:22 Removed registry path="hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\commission-junction.com"
Block/Extraction Pop-up blocker 2007-07-14 08:14:22 Removed registry path="hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\bfast.com"
Block/Extraction Registry enforcer 2007-07-14 08:14:21 Extracted registry key hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\linksynergy.com
Block/Extraction Registry enforcer 2007-07-14 08:14:21 Extracted registry key hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\fastclick.net
Block/Extraction Registry enforcer 2007-07-14 08:14:21 Extracted registry key hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\fastclick.com
Block/Extraction Registry enforcer 2007-07-14 08:14:20 Extracted registry key hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\commission-junction.com
Block/Extraction Registry enforcer 2007-07-14 08:14:20 Extracted registry key hkus\s-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\p3p\history\bfast.com
Block/Extraction Pop-up blocker 2007-07-14 08:14:16 Extracted package Media-Codec
Block/Extraction Registry enforcer 2007-07-14 08:14:16 Extracted registry key hklm\software\microsoft\windows\currentversion\policies\explorer\run
Block/Extraction Registry enforcer 2007-07-14 08:14:16 Extracted registry key HKUS\S-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\zonemap\ranges
Block/Extraction Registry enforcer 2007-07-14 08:14:16 Extracted registry key HKUS\S-1-5-20\software\microsoft\windows\currentversion\internet settings\zonemap\ranges
Block/Extraction Registry enforcer 2007-07-14 08:14:16 Extracted registry key HKUS\S-1-5-19\software\microsoft\windows\currentversion\internet settings\zonemap\ranges
Block/Extraction Registry enforcer 2007-07-14 08:14:16 Extracted registry key HKUS\.DEFAULT\software\microsoft\windows\currentversion\internet settings\zonemap\ranges
Block/Extraction Registry enforcer 2007-07-14 08:14:14 Extracted registry key HKUS\S-1-5-21-1477672703-1462116218-2362819659-1006\software\microsoft\windows\currentversion\internet settings\zonemap\domains
Block/Extraction Registry enforcer 2007-07-14 08:14:10 Extracted registry key HKUS\S-1-5-20\software\microsoft\windows\currentversion\internet settings\zonemap\domains
Block/Extraction Registry enforcer 2007-07-14 08:14:06 Extracted registry key HKUS\S-1-5-19\software\microsoft\windows\currentversion\internet settings\zonemap\domains
Block/Extraction Registry enforcer 2007-07-14 08:14:03 Extracted registry key HKUS\.DEFAULT\software\microsoft\windows\currentversion\internet settings\zonemap\domains
Block/Extraction Registry enforcer 2007-07-14 08:14:03 Extracting registry value hklm\software\licenses
Logfile of HijackThis v1.99.1
Scan saved at 8:19:39 AM, on 07/14/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\AOL\1176967536\ee\AOLSoftware.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTV\scheduler\TitanTV.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\WinTV\WinTV2K.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\scanner.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176967536\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Creative Technology Volume Tray.lnk = C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
O4 - Startup: Nero DVD tray.lnk = C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\scheduler\TitanTV.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176711944515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176572622125
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Filter: text/salt+html - {407AADC1-FF74-4885-AB6D-67AF452F531A} - C:\Program Files\Microsoft Speech Application SDK 1.0\Client\SaltFilter.dll
O18 - Filter: text/salt+html; charset=utf-8 - {407AADC1-FF74-4885-AB6D-67AF452F531A} - C:\Program Files\Microsoft Speech Application SDK 1.0\Client\SaltFilter.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0252351183590670) (0252351183590670mcinstcleanup) - Unknown owner - C:\DOCUME~1\Rob\LOCALS~1\Temp\025235~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
I am aware of the following problems which I have still.
The Windows Update icon will occasionally appear and when clicked on just goes away. It doesn't say that anything was downloaded, or that anything is ready to install, and when the computer goes to shutdown, it usually wants me to shutdown and says that there are 5 items it wants to install. I do that and it appears to be working, but when I do a start shutdown, it still wants to install 5 updates.
When I go to the WindowsUpdate site and attempt to check for needed updates by either the express or custom option, I get the following message.
Please change your Internet Explorer security settings
To save changes to your settings for this website, you need to enable userdata persistence for Internet Explorer. Complete the steps below, and then click Change settings to the left and try saving your changes again.
In Internet Explorer, on the Tools menu, click Internet Options.
Click the Security tab, click the Internet security zone icon, and then click Custom Level.
In the Settings dialog box, scroll to the Miscellaneous section.
Under Userdata persistence, select Enable.
Click OK and when the security warning dialog box appears, click Yes.
Read more about steps you can take to resolve this problem (error number 0x800A0046) yourself.
When I right-click on My Computer, select Properties, select the Hardware tab and run Device Manager, I still have the exclamation point on my video display adapter.
I'm wondering if the Windows Update notification area icon function is being exploited by a new type of exploit and is using this function to reinstall itself on shutdown; this may explain its strange behavior.
Is there a way to repair the WindowsUpdate taskbar notification icon problem?
I formatted and re-installed my computer from scratch to get my video problem repaired.
Rob
I'm unaware of such an exploit that you mention but who knows? You may be right.
As you probably know HJT doesn't see all malware (far from it) so what you have done is good.
Best wishes.
MM