Here is the log from hjt. Please analyse.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:27:33 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:virusspyware toolsHiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe'
O4 - HKLM\..\Run: [RemoteControl] 'C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe'
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 'C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe'
O4 - HKLM\..\Run: [Symantec PIF AlertEng] 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe' /a /m 'C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll'
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background
O4 - HKCU\..\Run: [Yahoo! Pager] 'C:\Program Files\Yahoo!\Messenger\ypager.exe' -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] 'C:\Program Files\Ahead\Nero BackItUp\NBJ.exe'
O4 - HKCU\..\Run: [updateMgr] 'C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe' AcRdB7_0_8
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyWebSearchInitialSetup1.0.0.8.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82769B4A-0FB7-4079-8FFE-0B5B89EB9852}: NameServer = 63.161.90.49,192.168.1.196
O20 - Winlogon Notify: AutorunsDisabled - C:WINDOWS
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11550 bytes
Hi and welcome to Daniweb forums :).
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop.
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
- Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.