
Yahoo mail login gets hijacked to underconstruction [HJT log]

Discussion in 'Malware and Virus Removal Archive' started by panchal, 2007/08/02.

  1. 2007/08/02
    panchal

    panchal Inactive Thread Starter

    Joined:
    2002/05/21
    Messages:
    122
    Likes Received:
    0
    Whenever I try to log in to my Yahoo email account (//mail.yahoo.com), it gets transferred to www.underconstructions.networksolutions.com.
    I tried with my Gmail account also, but it goes the same way.
    Any solutions??
    Do I have some kind of worm in my PC??
     
  2. 2007/08/02
    Simreaper

    Simreaper Inactive

    Joined:
    2007/08/02
    Messages:
    7
    Likes Received:
    0
    try using this link

    Hi, try using this link as it's the one I use to get to the secure page for log in

    https://login.yahoo.com/config/login_verify2?&.src=ym

    If it gets the same message then would think you need to check for a virus but can't say anymore than that as have no technical skills to speak of just what I've learnt since owning this current computer.
     


  4. 2007/08/02
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
  5. 2007/08/02
    panchal

    panchal Inactive Thread Starter

    Joined:
    2002/05/21
    Messages:
    122
    Likes Received:
    0
    Thanks but need further solution

    Hi there,
    I was able to log in to Yahoo from the link mentioned by you. However, what should I do to log in to my Gmail email account?

    Further, what is the reason that only email websites are directed to underconstruction.networksolutions.com? How is this happening? Is it that the Yahoo mail server is redirecting, or is it some issue with my own PC?
     
  6. 2007/08/03
    panchal

    panchal Inactive Thread Starter

    Joined:
    2002/05/21
    Messages:
    122
    Likes Received:
    0
    sorry now even not able to log from yahoo link

    Hi simreaper,

    I was able to log in to Yahoo email from the link you provided; however, now even that is getting directed to underconstruction.networksolutions.com

    I am worried: is there any worm in my PC which is doing this job??
    How come I was able to log in the first time, and then the second time even the link did not work??

    Please help
     
  7. 2007/08/03
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
  8. 2007/08/03
    panchal

    panchal Inactive Thread Starter

    Joined:
    2002/05/21
    Messages:
    122
    Likes Received:
    0
    hijack log file

    Logfile of HijackThis v1.99.1
    Scan saved at 6:09:56 PM, on 03-Aug-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\AcerGoto.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\essspk.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\MICROS~3\wcescomm.exe
    C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AcerGoto] C:\WINDOWS\System32\AcerGoto.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe "
    O4 - HKCU\..\Run: [HOTFOON2] "C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe" /h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
    O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...opularScreenSaversFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158777964895
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathworksevents.webex.com/client/T23SP33EP5/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF310558-BBE4-492D-814C-ACD23050C297}: NameServer = 212.72.1.186 212.72.23.4
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Kindly advise what I should do to stop this underconstruction.networksolutions redirection when logging in to my Yahoo and Gmail email accounts.
     
  9. 2007/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi panchal,

    I'll be back this evening with some recommendations. In the meantime, did you set these DNS Server addresses?

    212.72.1.186 212.72.23.4

    Registered to: General Telecommunications Organization
    Ali Abduwani
    P.O.Box xxx
    Ruwi 112 OM

    Looks rogue to me, and possibly most of your redirect problem. I do see other possible signs of infection though, so hold off doing anything yet.

    What is this on your desktop? hotfoon6.exe
     
  10. 2007/08/04
    panchal

    panchal Inactive Thread Starter

    Joined:
    2002/05/21
    Messages:
    122
    Likes Received:
    0
    feedback

    Thanks for replying regarding 212.72.............. I had not set this DNS. General Telcom Org may be the local ISP provider through which I am dialing up my internet connection.

    Hotfoon.exe is software for VOIP communication, and I had installed it on my PC to make PC-to-PC calls.

    I await your reply
     
  11. 2007/08/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It's important that you KNOW if that is your provider. The DNS settings are associated with a LAN connection, not a dialup. Which do you have?

    My recommendation at this point is to scan again with HijackThis and place a check next to the following entry, close all other open programs and windows, then click Fix Checked.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF310558-BBE4-492D-814C-ACD23050C297}: NameServer = 212.72.1.186 212.72.23.4

    Close HijackThis and re-open IE. See if you are still re-directed. If after fixing that entry you cannot connect, open HijackThis to the List of backups section (if it opens to the scan window, click Config, then Backups), select that entry then click Restore.


    Then:

    Note: You must be logged onto an account with administrator privileges to complete the following.
    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
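
    The two items questioned in this thread, the O17 NameServer entry and the Run entry that starts a program from the Desktop, can be pulled out of a HijackThis log mechanically. The following is an added example, not part of the original posts and not HijackThis or DSS code; the function names and the `expected` resolver set (addresses the owner has confirmed with their ISP) are assumptions, and the sample lines are copied from the log posted above. It goes slightly beyond the thread by also handling an O17 entry with no interface GUID.

```python
import re
from ipaddress import ip_address

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [HOTFOON2] "C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe" /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF310558-BBE4-492D-814C-ACD23050C297}: NameServer = 212.72.1.186 212.72.23.4
"""

# O17 lines record DNS settings stored under the Tcpip service key.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer\s*=\s*(?P<value>.+)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}")
# O4 lines record autostart entries from the Run keys.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# First token of the command line: quoted path, or unquoted path up to an
# executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|dll|cpl))(?=\s|$))',
    re.IGNORECASE,
)
# Heuristic (assumption): autoruns launched from user-writable profile
# locations deserve a "what is this?" question, as asked in the thread.
USER_DIRS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def _normalise(token):
    """Return the canonical form of an IP address, or the raw token."""
    try:
        return str(ip_address(token))
    except ValueError:
        return token


def unexpected_nameservers(log_text, expected):
    """List (interface, address) pairs from O17 lines not in `expected`."""
    expected = {_normalise(a) for a in expected}
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        guid = GUID_RE.search(m.group("key"))
        iface = guid.group(1) if guid else "global"
        for token in re.split(r"[,\s]+", m.group("value").strip()):
            if token and _normalise(token) not in expected:
                findings.append((iface, _normalise(token)))
    return findings


def autoruns_from_user_profile(log_text):
    """List (hive, entry name, path) for O4 entries run from USER_DIRS."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        path = (exe.group("q") or exe.group("u")) if exe else m.group("cmd")
        if any(d in path.lower() for d in USER_DIRS):
            findings.append((m.group("hive"), m.group("name"), path))
    return findings


if __name__ == "__main__":
    # No resolver has been confirmed yet, so every address is reported.
    for iface, addr in unexpected_nameservers(SAMPLE_LOG, expected=set()):
        print(f"confirm with ISP: interface {iface} uses DNS server {addr}")
    for hive, name, path in autoruns_from_user_profile(SAMPLE_LOG):
        print(f"ask the owner: {hive} Run entry [{name}] starts {path}")
```

    A reported address is a prompt to confirm it with the connection's provider, which is the question asked in the post above; once confirmed, passing it in `expected` silences the finding.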
     
  12. 2007/08/13
    Simreaper

    Simreaper Inactive

    Joined:
    2007/08/02
    Messages:
    7
    Likes Received:
    0
    Sorry been offline PC crashed

    Hi Panchal, glad to hear that the link did get you to your yahoo mail but sorry to hear that even that is now being redirected but not sure what else to say except follow the instructions the other person who posted gave you as does sound as if something has got into your PC and is messing with your mail connections.

    Hope you get this sorted and gone off your system for good and I always choose the secure log on when possible and save it as a link in my favourites so can get to that one without having to wait for the secure link to come up luckily my providers is already secure link as am on broadband and that logs on as secure.

    Simreaper
     
  13. 2007/08/13
    panchal

    panchal Inactive Thread Starter

    Joined:
    2002/05/21
    Messages:
    122
    Likes Received:
    0
    feedback DSS log file

    Deckard's System Scanner v20070729.57
    Run by RAJENDRA on 2007-08-13 at 22:18:25
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as RAJENDRA.exe) --------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 10:18:43 PM, on 13-Aug-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\AcerGoto.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\essspk.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\MICROS~3\wcescomm.exe
    C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\RAJENDRA\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\RAJENDRA.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzherald.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AcerGoto] C:\WINDOWS\System32\AcerGoto.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe "
    O4 - HKCU\..\Run: [HOTFOON2] "C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe" /h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
    O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...opularScreenSaversFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158777964895
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathworksevents.webex.com/client/T23SP33EP5/webex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF310558-BBE4-492D-814C-ACD23050C297}: NameServer = 212.72.1.186 212.72.23.4
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    -- Files created between 2007-07-13 and 2007-08-13 -----------------------------

    2007-08-03 07:01:07 0 d-------- C:\Documents and Settings\RAJENDRA\.housecall6.6
    2007-07-30 16:05:43 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2007-07-30 16:05:39 0 d-------- C:\Program Files\MobiMate
    2007-07-26 20:59:23 19456 --a------ C:\WINDOWS\system32\scp125.dll
    2007-07-26 20:47:02 100352 --a------ C:\WINDOWS\system32\onlinex.exe <Not Verified; Siemens AG; OnlineX Module>
    2007-07-26 20:45:38 75264 --a------ C:\WINDOWS\system32\drivers\vsnl2ada.sys <Not Verified; SIEMENS AG; SIEMENS® SoftNet (TM)>
    2007-07-26 20:45:38 259072 --a------ C:\WINDOWS\system32\drivers\dpmconv.sys <Not Verified; Siemens AG; SIMATIC NET Software>
    2007-07-26 20:44:50 124416 --a------ C:\WINDOWS\system32\drivers\s7osobux.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:44:50 123904 --a------ C:\WINDOWS\system32\drivers\s7oppilx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:10 14848 --a------ C:\WINDOWS\system32\S7OSC32X.DLL
    2007-07-26 20:37:10 103360 --a------ C:\WINDOWS\system32\S7OSC16X.DLL
    2007-07-26 20:37:10 21972 --a------ C:\WINDOWS\system32\drivers\s7oflxnx.sys <Not Verified; Siemens AG; Flash File Driver for external Prommer>
    2007-07-26 20:37:10 20964 --a------ C:\WINDOWS\system32\drivers\s7oflinx.sys <Not Verified; Siemens AG; Flash File Driver for internal Prommer>
    2007-07-26 20:37:06 136704 --a------ C:\WINDOWS\system32\TDCtrl.dll <Not Verified; ; TDCtrl Module>
    2007-07-26 20:37:06 69376 --a------ C:\WINDOWS\system32\scpw32a.dll
    2007-07-26 20:37:06 76800 --a------ C:\WINDOWS\system32\scpw32.dll <Not Verified; SCPW32; SCPW32>
    2007-07-26 20:37:06 62976 --a------ C:\WINDOWS\system32\SCPBW32A.DLL
    2007-07-26 20:37:06 52736 --a------ C:\WINDOWS\system32\scpbw32.dll <Not Verified; SCPBW32; SCPBW32>
    2007-07-26 20:37:06 32768 --a------ C:\WINDOWS\system32\s7oformx.exe
    2007-07-26 20:37:06 57344 --a------ C:\WINDOWS\system32\S7oformx.dll
    2007-07-26 20:37:06 188479 --a------ C:\WINDOWS\system32\GSDECtrl.dll <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 90165 --a------ C:\WINDOWS\system32\S7otblsx.exe <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 98357 --a------ C:\WINDOWS\system32\S7otbldx.dll <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 30704 --a------ C:\WINDOWS\system32\drivers\s7oefs_x.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 323584 --a------ C:\WINDOWS\system32\AuthTool.dll <Not Verified; Siemens AG; AuthTool Dynamic Link Library>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESe.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESd.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESc.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 114688 --a------ C:\WINDOWS\system32\AuthRESb.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESa.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:04 0 d-------- C:\WINDOWS\AuthTmpl
    2007-07-26 20:35:13 217088 --a------ C:\WINDOWS\system32\s7esetdx.dll <Not Verified; SIEMENS AG; SIEMENS® Setup>
    2007-07-26 20:35:13 40960 --a------ C:\WINDOWS\system32\MelbReg.dll <Not Verified; SIEMENS AG; SIEMENS® SIMATIC(TM) Common Runtime Interfaces>
    2007-07-26 20:35:13 172544 --a------ C:\WINDOWS\system32\drivers\s7otsadx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 478720 --a------ C:\WINDOWS\system32\drivers\s7otranx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 222720 --a------ C:\WINDOWS\system32\drivers\s7otmcdx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 171520 --a------ C:\WINDOWS\system32\drivers\s7osmcax.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 73216 --a------ C:\WINDOWS\system32\drivers\s7oppitx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 7168 --a------ C:\WINDOWS\system32\drivers\s7opgdex.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 209920 --a------ C:\WINDOWS\system32\drivers\s7opcmcx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 177664 --a------ C:\WINDOWS\system32\drivers\s7opciax.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 30720 --a------ C:\WINDOWS\system32\drivers\s7ondisx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 67584 --a------ C:\WINDOWS\system32\drivers\s7odpx2x.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 8192 --a------ C:\WINDOWS\system32\drivers\c5511w2k.sys <Not Verified; Siemens AG; Profibus Softnet>
    2007-07-26 20:35:13 40960 --a------ C:\WINDOWS\system32\cp551inf.dll
    2007-07-26 20:33:12 398416 --a------ C:\WINDOWS\system32\vbrun300.dll <Not Verified; Microsoft Corporation; Visual Basic 3.0>
    2007-07-26 20:33:08 0 d-------- C:\WINDOWS\Setup
    2007-07-26 20:31:58 0 d-------- C:\Siemens
    2007-07-20 07:57:44 0 d--hs---- C:\FOUND.001
    2007-07-19 07:22:10 0 d--hs---- C:\FOUND.000
    2007-07-16 18:01:37 0 d-------- C:\TC
    2007-07-16 17:43:40 0 d-------- C:\TURBOC2
    2007-07-14 16:07:54 0 d-------- C:\Program Files\Powersim
    2007-07-13 07:31:13 0 d-------- C:\Documents and Settings\RAJENDRA\Application Data\Skype
    2007-07-13 07:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-07-13 07:30:54 0 d-------- C:\Program Files\Skype


    -- Find3M Report ---------------------------------------------------------------

    2007-08-13 20:25:40 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-07-12 10:35:52 0 d-------- C:\Program Files\Common Files\Borland
    2007-07-12 10:35:06 0 d-------- C:\Program Files\Borland
    2007-06-09 16:41:14 67056 --a------ C:\Documents and Settings\RAJENDRA\Application Data\GDIPFONTCACHEV1.DAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AcerGoto "= "C:\WINDOWS\System32\AcerGoto.exe" [04-Sep-01 01:44 PM]
    "AtiPTA "= "atiptaxx.exe" [15-Sep-01 12:15 AM C:\WINDOWS\system32\atiptaxx.exe]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [04-Aug-04 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "@ "=" " []
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26-Oct-05 04:17 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [21-Dec-05 12:54 PM]
    "Advanced Tools Check "= "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [17-Aug-03 11:33 PM]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [02-Mar-07 07:56 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12-Mar-07 06:30 PM]
    "EssSpkPhone "= "essspk.exe" [26-Sep-01 10:50 AM C:\WINDOWS\essspk.exe]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [02-Jan-07 01:22 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "C:\PROGRA~1\MICROS~3\wcescomm.exe" [26-Jun-06 04:13 PM]
    "HOTFOON2 "= "C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe" [06-Jul-07 12:04 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13-Oct-04 08:24 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Tok-Cirrhatus "= "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe "

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=1 (0x1)
    "DisableCMD "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOptions "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
    backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
    backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Magic Keyboard.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Magic Keyboard.lnk
    backup=C:\WINDOWS\pss\Magic Keyboard.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOTFOON2]
    C:\Documents and Settings\RAJENDRA\Desktop\hotfoon4.exe /h

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "C:\Program Files\Save\Save.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mnmsrvc "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-08-13 at 22:20:10 ---------
     
  14. 2007/08/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The only thing I see in your logs that needs addressing, other than the DNS settings previously mentioned, is WhenUSave. It has been disabled from startup via msconfig. You can re-enable that entry and exit msconfig without restarting, then run a HijackThis scan and fix the O4 Run entry for it. Suggest you also see if WhenUSave is listed in Add/Remove Programs and uninstall it if present.

    Did you try fixing those DNS entries like I previously suggested?
     
  15. 2007/08/14
    panchal

    panchal Inactive Thread Starter

    Joined:
    2002/05/21
    Messages:
    122
    Likes Received:
    0
    feedback further

    I followed your advice and am sending the latest scan main.txt file as follows. Further, I was not able to locate that O17 string regarding DNS as mentioned in your earlier message.
    I had fixed yousave.
    Deckard's System Scanner v20070729.57
    Run by RAJENDRA on 2007-08-14 at 11:05:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as RAJENDRA.exe) --------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:05:14 AM, on 14-Aug-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\AcerGoto.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\essspk.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\MICROS~3\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\RAJENDRA\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\RAJENDRA.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzherald.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AcerGoto] C:\WINDOWS\System32\AcerGoto.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe "
    O4 - HKCU\..\Run: [HOTFOON2] "C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe" /h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe "
    O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
    O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...opularScreenSaversFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158777964895
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathworksevents.webex.com/client/T23SP33EP5/webex/ieatgpc.cab
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    -- Files created between 2007-07-14 and 2007-08-14 -----------------------------

    2007-08-03 07:01:07 0 d-------- C:\Documents and Settings\RAJENDRA\.housecall6.6
    2007-07-30 16:05:43 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2007-07-30 16:05:39 0 d-------- C:\Program Files\MobiMate
    2007-07-26 20:59:23 19456 --a------ C:\WINDOWS\system32\scp125.dll
    2007-07-26 20:47:02 100352 --a------ C:\WINDOWS\system32\onlinex.exe <Not Verified; Siemens AG; OnlineX Module>
    2007-07-26 20:45:38 75264 --a------ C:\WINDOWS\system32\drivers\vsnl2ada.sys <Not Verified; SIEMENS AG; SIEMENS® SoftNet (TM)>
    2007-07-26 20:45:38 259072 --a------ C:\WINDOWS\system32\drivers\dpmconv.sys <Not Verified; Siemens AG; SIMATIC NET Software>
    2007-07-26 20:44:50 124416 --a------ C:\WINDOWS\system32\drivers\s7osobux.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:44:50 123904 --a------ C:\WINDOWS\system32\drivers\s7oppilx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:10 14848 --a------ C:\WINDOWS\system32\S7OSC32X.DLL
    2007-07-26 20:37:10 103360 --a------ C:\WINDOWS\system32\S7OSC16X.DLL
    2007-07-26 20:37:10 21972 --a------ C:\WINDOWS\system32\drivers\s7oflxnx.sys <Not Verified; Siemens AG; Flash File Driver for external Prommer>
    2007-07-26 20:37:10 20964 --a------ C:\WINDOWS\system32\drivers\s7oflinx.sys <Not Verified; Siemens AG; Flash File Driver for internal Prommer>
    2007-07-26 20:37:06 136704 --a------ C:\WINDOWS\system32\TDCtrl.dll <Not Verified; ; TDCtrl Module>
    2007-07-26 20:37:06 69376 --a------ C:\WINDOWS\system32\scpw32a.dll
    2007-07-26 20:37:06 76800 --a------ C:\WINDOWS\system32\scpw32.dll <Not Verified; SCPW32; SCPW32>
    2007-07-26 20:37:06 62976 --a------ C:\WINDOWS\system32\SCPBW32A.DLL
    2007-07-26 20:37:06 52736 --a------ C:\WINDOWS\system32\scpbw32.dll <Not Verified; SCPBW32; SCPBW32>
    2007-07-26 20:37:06 32768 --a------ C:\WINDOWS\system32\s7oformx.exe
    2007-07-26 20:37:06 57344 --a------ C:\WINDOWS\system32\S7oformx.dll
    2007-07-26 20:37:06 188479 --a------ C:\WINDOWS\system32\GSDECtrl.dll <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 90165 --a------ C:\WINDOWS\system32\S7otblsx.exe <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 98357 --a------ C:\WINDOWS\system32\S7otbldx.dll <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 30704 --a------ C:\WINDOWS\system32\drivers\s7oefs_x.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:37:05 323584 --a------ C:\WINDOWS\system32\AuthTool.dll <Not Verified; Siemens AG; AuthTool Dynamic Link Library>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESe.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESd.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESc.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 114688 --a------ C:\WINDOWS\system32\AuthRESb.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:05 122880 --a------ C:\WINDOWS\system32\AuthRESa.dll <Not Verified; Siemens AG; AuthorsW>
    2007-07-26 20:37:04 0 d-------- C:\WINDOWS\AuthTmpl
    2007-07-26 20:35:13 217088 --a------ C:\WINDOWS\system32\s7esetdx.dll <Not Verified; SIEMENS AG; SIEMENS® Setup>
    2007-07-26 20:35:13 40960 --a------ C:\WINDOWS\system32\MelbReg.dll <Not Verified; SIEMENS AG; SIEMENS® SIMATIC(TM) Common Runtime Interfaces>
    2007-07-26 20:35:13 172544 --a------ C:\WINDOWS\system32\drivers\s7otsadx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 478720 --a------ C:\WINDOWS\system32\drivers\s7otranx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 222720 --a------ C:\WINDOWS\system32\drivers\s7otmcdx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 171520 --a------ C:\WINDOWS\system32\drivers\s7osmcax.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 73216 --a------ C:\WINDOWS\system32\drivers\s7oppitx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 7168 --a------ C:\WINDOWS\system32\drivers\s7opgdex.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 209920 --a------ C:\WINDOWS\system32\drivers\s7opcmcx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 177664 --a------ C:\WINDOWS\system32\drivers\s7opciax.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 30720 --a------ C:\WINDOWS\system32\drivers\s7ondisx.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 67584 --a------ C:\WINDOWS\system32\drivers\s7odpx2x.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7(TM) Programmable Controller>
    2007-07-26 20:35:13 8192 --a------ C:\WINDOWS\system32\drivers\c5511w2k.sys <Not Verified; Siemens AG; Profibus Softnet>
    2007-07-26 20:35:13 40960 --a------ C:\WINDOWS\system32\cp551inf.dll
    2007-07-26 20:33:12 398416 --a------ C:\WINDOWS\system32\vbrun300.dll <Not Verified; Microsoft Corporation; Visual Basic 3.0>
    2007-07-26 20:33:08 0 d-------- C:\WINDOWS\Setup
    2007-07-26 20:31:58 0 d-------- C:\Siemens
    2007-07-20 07:57:44 0 d--hs---- C:\FOUND.001
    2007-07-19 07:22:10 0 d--hs---- C:\FOUND.000
    2007-07-16 18:01:37 0 d-------- C:\TC
    2007-07-16 17:43:40 0 d-------- C:\TURBOC2
    2007-07-14 16:07:54 0 d-------- C:\Program Files\Powersim


    -- Find3M Report ---------------------------------------------------------------

    2007-08-13 22:30:36 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-07-13 07:31:14 0 d-------- C:\Documents and Settings\RAJENDRA\Application Data\Skype
    2007-07-13 07:30:56 0 d-------- C:\Program Files\Skype
    2007-07-12 10:35:52 0 d-------- C:\Program Files\Common Files\Borland
    2007-07-12 10:35:06 0 d-------- C:\Program Files\Borland
    2007-06-09 16:41:14 67056 --a------ C:\Documents and Settings\RAJENDRA\Application Data\GDIPFONTCACHEV1.DAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AcerGoto "= "C:\WINDOWS\System32\AcerGoto.exe" [04-Sep-01 01:44 PM]
    "AtiPTA "= "atiptaxx.exe" [15-Sep-01 12:15 AM C:\WINDOWS\system32\atiptaxx.exe]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [04-Aug-04 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "@ "=" " []
    "Sony Ericsson PC Suite "= "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26-Oct-05 04:17 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [21-Dec-05 12:54 PM]
    "Advanced Tools Check "= "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [17-Aug-03 11:33 PM]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [02-Mar-07 07:56 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12-Mar-07 06:30 PM]
    "EssSpkPhone "= "essspk.exe" [26-Sep-01 10:50 AM C:\WINDOWS\essspk.exe]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [02-Jan-07 01:22 AM]
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04-Aug-04 12:56 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "C:\PROGRA~1\MICROS~3\wcescomm.exe" [26-Jun-06 04:13 PM]
    "HOTFOON2 "= "C:\Documents and Settings\RAJENDRA\Desktop\hotfoon6.exe" [06-Jul-07 12:04 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [13-Oct-04 08:24 PM]
    "WhenUSave "= "C:\Program Files\Save\Save.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Tok-Cirrhatus "= "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe "

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=1 (0x1)
    "DisableCMD "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoFolderOptions "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
    backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
    backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Magic Keyboard.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Magic Keyboard.lnk
    backup=C:\WINDOWS\pss\Magic Keyboard.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOTFOON2]
    C:\Documents and Settings\RAJENDRA\Desktop\hotfoon4.exe /h

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mnmsrvc "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-08-14 at 11:06:23 ---------
     
  16. 2007/08/14
    Simreaper

    Simreaper Inactive

    Joined:
    2007/08/02
    Messages:
    7
    Likes Received:
    0
    Think that file is in msconfig

    Hi Panchal,

    That file marked 017 that they asked you to try disabling then logging on, I'm pretty sure that is in a system box accessed by typing msconfig in the Run box, and then a big box comes up, as I have seen that HKLM in mine recently when trying to fix that Ftdisk error. So try there and just look under the tabs in this box; it might be the one that this person wants you to look in.

    Simreaper
     
  17. 2007/08/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Last edited: 2007/08/14
