Internet Explorer Crashing Constantly

Discussion in 'Windows - Virus and spyware problems' started by DSpigener, Oct 16, 2008.

  1. DSpigener

    DSpigener Member

    Joined:
    Apr 14, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    As a note, I've also posted this in the Windows Software Problems forum. I'm not sure if the issue is related to viruses or spyware in any way, but I figure it can't hurt to ask.

    Hello. I've been to this forum a few times looking for help with digtial media issues, and I've found everyone here to be quite friendly and helpful. I consider myself to be fairly tech savvy, but I'm having a problem with Internet Explorer that I just can't seem to fix on my own.

    I'm running Windows XP SP3 on a Gateway MX6426 laptop. I'm having the issue with Internet Explorer 7.

    Here's what's going on. Since about a week ago, I've been experiencing frequent and seemingly random freezing of the program window, followed by the usual error report notice. There doesn't seem to be any rhyme or reason to the crashes - sometimes only a moment after opening a new window, sometimes after a half hour or so. Once I allow it to close the window, I can open a new one and be back at my home page without any other issues, but then it happens again after a short time. My computer is not running slow otherwise.

    I've tried my usual anti-virus and spyware programs (AVG and Spybot) and dealt with the results accordingly, but the problem persists. I also tried reinstalling IE7 and even installing IE8 Beta. At this point, it's becoming extremely frustrating to use the internet even for leisurely surfing.

    At this point, any suggestions would be greatly appreciated. Thank you.
     
    Last edited: Oct 16, 2008
  2. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hi DSpigener

    Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis.

    Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.

    Rename HijackThis(.exe) to scanner(.exe).

    Next, run scanner(.exe). A window will pop up.

    • Click on the button which says Main Menu, then Do a system scan and save a logfile.
    • Please wait for the scan to be completed.
    • After the scan has completed, a text window will pop up. Please post the contents of this window here.

    This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

    NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

    Best Regards :D
     
  3. DSpigener

    DSpigener Member

    Joined:
    Apr 14, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    Thanks for the input, cdavfrew. Here's the info:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:27:23 PM, on 10/16/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner.DJ\My Documents\HiJackThis\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kotaku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6426
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2007 Platinum\SCActiveBlock.dll (file missing)
    O2 - BHO: (no name) - {12D11612-1B95-4D94-BB0A-70894FB14E70} - (no file)
    O2 - BHO: (no name) - {23B43CE7-8C77-4E52-88CB-C89FD3D2BF08} - C:\WINDOWS\system32\gebcb.dll (file missing)
    O2 - BHO: (no name) - {43D71928-0ABD-4BDA-B9C6-1389401ED598} - C:\WINDOWS\system32\geedd.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: {8f433d30-51c0-f10a-12e4-851cb616985a} - {a589616b-c158-4e21-a01f-0c1503d334f8} - C:\WINDOWS\system32\mqfxbygk.dll (file missing)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll
    O2 - BHO: (no name) - {D318119E-CB62-4039-AE9B-CF9575BCAA7F} - C:\WINDOWS\system32\wvuvvwx.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194242959671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...f1/&filename=jinstall-6u7-windows-i586-jc.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Filter hijack: text/html - {88683e68-f48c-427b-afc7-06ee3d072b2d} - C:\WINDOWS\system32\iehlpr32.dll
    O20 - Winlogon Notify: wvuvvwx - wvuvvwx.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 11456 bytes
     
    Last edited: Oct 16, 2008
  4. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey DSpigener

    You are infected, as your HijackThis log shows.

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    • Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComoboFix window, as it may cause it to stall.

    Best Regards :D
     
  5. DSpigener

    DSpigener Member

    Joined:
    Apr 14, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    Thanks again, cdavfrew. Here's the info from ComboFix:

    ComboFix 08-10-16.08 - Owner 2008-10-17 11:51:01.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.475 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner.DJ\My Documents\Combo-Fix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMf3789091.txt
    C:\WINDOWS\BMf3789091.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bcbeg.ini
    C:\WINDOWS\system32\bcbeg.ini2
    C:\WINDOWS\system32\bxaywhes.ini
    C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\ddeeg.ini2
    C:\WINDOWS\system32\mcrh.tmp
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
    .

    2008-10-15 11:29 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 11:28 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 11:28 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 11:28 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 11:28 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 11:28 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-12 00:54 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-10-11 12:05 . 2008-04-13 20:11 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
    2008-10-08 13:35 . 2008-10-08 13:35 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-10-08 13:35 . 2008-10-08 13:35 <DIR> d-------- C:\WINDOWS\system32\en
    2008-10-08 13:35 . 2008-10-08 13:35 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-10-08 13:35 . 2008-10-08 13:35 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-10-08 13:31 . 2008-10-08 13:31 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-10-02 20:34 . 2008-10-10 20:28 <DIR> d-------- C:\Program Files\Common
    2008-09-29 02:41 . 2008-10-11 12:34 <DIR> d-------- C:\Program Files\MySpace
    2008-09-29 02:41 . 2008-09-29 02:41 <DIR> d-------- C:\Documents and Settings\Owner.DJ\Application Data\MySpace
    2008-09-25 11:55 . 2008-09-25 11:55 <DIR> d-------- C:\Converted
    2008-09-25 11:51 . 2008-09-25 11:54 <DIR> d-------- C:\Program Files\SoundTaxi
    2008-09-25 11:51 . 2008-09-25 11:36 508,544 --a------ C:\WINDOWS\system32\SndTDriverV32.sys
    2008-09-25 11:51 . 2008-04-17 11:57 508,544 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys
    2008-09-25 11:51 . 2008-04-17 13:30 184,320 --a------ C:\WINDOWS\system32\snmvtsvc.exe
    2008-09-25 11:51 . 2008-04-17 11:57 10,936 --a------ C:\WINDOWS\system32\MovRVDrv32.dll
    2008-09-25 11:51 . 2008-04-17 11:57 3,993 --a------ C:\WINDOWS\system32\SndTDriverV32.inf
    2008-09-25 11:51 . 2008-04-17 11:57 3,768 --a------ C:\WINDOWS\system32\MovRVDrv32.sys
    2008-09-25 11:51 . 2008-04-17 11:57 3,768 --a------ C:\WINDOWS\system32\drivers\MovRVDrv32.sys
    2008-09-25 11:51 . 2008-04-17 11:57 2,618 --a------ C:\WINDOWS\system32\MovRVDrv32.inf
    2008-09-24 19:23 . 2008-09-24 19:23 53 --a------ C:\WINDOWS\REGKEYNT.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-17 15:36 --------- d-----w C:\Documents and Settings\Owner.DJ\Application Data\uTorrent
    2008-10-16 03:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-14 15:06 --------- d-----w C:\Documents and Settings\Owner.DJ\Application Data\AVG7
    2008-10-12 04:54 --------- d-----w C:\Program Files\Java
    2008-10-11 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-10-11 16:34 --------- d-----w C:\Program Files\Common Files\Real
    2008-10-11 16:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-11 16:33 --------- d-----w C:\Program Files\DivX
    2008-10-11 16:33 --------- d-----w C:\Program Files\CyberLink
    2008-10-11 16:33 --------- d-----w C:\Documents and Settings\Owner.DJ\Application Data\IGN_DLM
    2008-09-30 04:24 --------- d-----w C:\Documents and Settings\Owner.DJ\Application Data\dvdcss
    2008-09-25 15:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-23 00:51 --------- d-----w C:\Program Files\StepMania
    2008-09-11 07:02 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-05 17:28 --------- d-----w C:\Documents and Settings\Owner.DJ\Application Data\SPORE
    2008-09-05 17:15 --------- d-----w C:\Program Files\Electronic Arts
    2008-09-04 18:27 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-08-23 19:42 6,704 ----a-w C:\WINDOWS\system32\drivers\EMSUSB2.SYS
    2008-08-23 19:42 3,536 ----a-w C:\WINDOWS\system32\drivers\FltrKbd.SYS
    2008-08-23 19:42 --------- d-----w C:\Program Files\EMS USB2
    2008-08-17 20:20 --------- d-----w C:\Program Files\ATI
    2008-08-17 20:20 --------- d-----w C:\Documents and Settings\Owner.DJ\Application Data\ATI
    2008-08-17 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
    2008-08-17 20:15 --------- d-----w C:\Program Files\ATI Technologies
    2008-08-17 20:14 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-22 18:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-05 17:40 698 ----a-w C:\Documents and Settings\Owner.DJ\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-27 219136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
    path=C:\Documents and Settings\Owner.DJ\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
    backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Owner.DJ\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.DJ^Start Menu^Programs^Startup^Scheduler.lnk]
    path=C:\Documents and Settings\Owner.DJ\Start Menu\Programs\Startup\Scheduler.lnk
    backup=C:\WINDOWS\pss\Scheduler.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    C:\WINDOWS\system32\WLTRAY [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    NA [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-09-11 01:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-03 18:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-08-05 23:56 64512 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    --a------ 2005-08-12 19:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhanTim30]
    --a------ 2004-06-14 23:48 1211392 C:\Program Files\PhanTim3\PhanTim3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2002-09-14 02:42 212992 C:\WINDOWS\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    --a------ 2005-02-25 21:24 966656 C:\WINDOWS\creator\Remind_XP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
    --a------ 2003-05-15 20:36 446464 C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PrismXL"=2 (0x2)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "AdobeActiveFileMonitor6.0"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Documents and Settings\\Owner.DJ\\My Documents\\utorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Google\\Google Earth\\googleearth.exe"=
    "C:\\Program Files\\AIM6\\aim6.exe"=
    "C:\\WINDOWS\\system32\\javaw.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Toblo\\Toblo 1.2.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "48216:TCP"= 48216:TCP:uTorrent
    "23073:TCP"= 23073:TCP:Soldats
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience

    R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-01-25 200576]
    R3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768]
    R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-04-17 508544]
    S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [ ]
    S3 EMSUSB2;EMSUSB2;C:\WINDOWS\system32\Drivers\EMSUSB2.SYS [2008-08-23 6704]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [ ]
    S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2008-04-17 184320]
    S3 XDva019;XDva019;C:\WINDOWS\system32\XDva019.sys [ ]
    S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-10-17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E3944D7-687F-419A-B31C-958E3F93ECAF}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 18:36]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{12D11612-1B95-4D94-BB0A-70894FB14E70} - (no file)
    BHO-{23B43CE7-8C77-4E52-88CB-C89FD3D2BF08} - C:\WINDOWS\system32\gebcb.dll
    BHO-{43D71928-0ABD-4BDA-B9C6-1389401ED598} - C:\WINDOWS\system32\geedd.dll
    BHO-{a589616b-c158-4e21-a01f-0c1503d334f8} - C:\WINDOWS\system32\mqfxbygk.dll
    BHO-{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - (no file)
    BHO-{D318119E-CB62-4039-AE9B-CF9575BCAA7F} - (no file)
    Notify-wvuvvwx - wvuvvwx.dll
    MSConfigStartUp-AOL Fast Start - C:\Program Files\AOL 9.0\AOL.EXE
    MSConfigStartUp-AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    MSConfigStartUp-BMf3789091 - C:\WINDOWS\system32\cklxrbts.dll
    MSConfigStartUp-EA Core - C:\Program Files\Electronic Arts\EADM\Core.exe
    MSConfigStartUp-f04ba30d - C:\WINDOWS\system32\sehwyaxb.dll
    MSConfigStartUp-GhostSurfDelSatellite - C:\Program Files\GhostSurf 2007 Platinum\DeleteSatellite.exe
    MSConfigStartUp-GoBoingo - C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
    MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1199575475\ee\AOLSoftware.exe
    MSConfigStartUp-igndlm - C:\Program Files\Download Manager\DLM.exe
    MSConfigStartUp-McafWelcome - C:\Program Files\McAfee.com\Agent\mcwelcom.exe
    MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    MSConfigStartUp-MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    MSConfigStartUp-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
    MSConfigStartUp-VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    MSConfigStartUp-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
    MSConfigStartUp-XboxStat - c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://kotaku.com/
    R1 -: HKCU-Internet Settings,ProxyServer = <local>
    R1 -: HKCU-Internet Settings,ProxyOverride = <local>
    O8 -: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-17 13:03:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\WLTRYSVC.EXE
    C:\WINDOWS\system32\BCMWLTRY.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\WINDOWS\ehome\McrdSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\WINDOWS\system32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-17 13:12:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-17 17:12:14

    Pre-Run: 1,287,520,256 bytes free
    Post-Run: 11,742,867,456 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

    287 --- E O F --- 2008-10-16 03:47:53
     
  6. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey DSpigener

    Some malware files remain. Let's get rid of them.

    Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

    Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

    Configuring Malwarebytes

    • Click on the tab Settings.
    • Make sure only these boxes are checked:
    Code:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects
    Updating Malwarebytes

    • Click on the tab Update.
    • Press the button Check for Updates
    • Wait for Malwarebytes to be fully updated.

    Scanning Time

    • Click on the tab Scanner.
    • Check Perform full scan and click on Scan
    • Wait for the scan to complete, and then click on Show Results.
    • Make sure all items are checked, then click on Remove Selected.
    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

    Post A Log

    • A text box will pop up after the removal process is over. Post the contents of the text here.
    • If no text box pops up, launch Malwarebytes, and click on the tab Logs.
    • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
    Post the log here.

    Also post a new HijackThis log and tell me what problems you have left.

    Best Regards :D
     
  7. DSpigener

    DSpigener Member

    Joined:
    Apr 14, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    Here's the info from MalwareBytes:

    Malwarebytes' Anti-Malware 1.29
    Database version: 1286
    Windows 5.1.2600 Service Pack 3

    10/19/2008 1:18:00 AM
    mbam-log-2008-10-19 (01-17-59).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 167023
    Time elapsed: 1 hour(s), 19 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d318119e-cb62-4039-ae9b-cf9575bcaa7f} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{88683e68-f48c-427b-afc7-06ee3d072b2d} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iehlpr32.dll (Trojan.Agent) -> Quarantined and deleted successfully.


    And here's the second HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:20:19 AM, on 10/19/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Documents and Settings\Owner.DJ\My Documents\HiJackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kotaku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2007 Platinum\SCActiveBlock.dll (file missing)
    O2 - BHO: (no name) - {12D11612-1B95-4D94-BB0A-70894FB14E70} - (no file)
    O2 - BHO: (no name) - {23B43CE7-8C77-4E52-88CB-C89FD3D2BF08} - (no file)
    O2 - BHO: (no name) - {43D71928-0ABD-4BDA-B9C6-1389401ED598} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {a589616b-c158-4e21-a01f-0c1503d334f8} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194242959671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/J...f1/&filename=jinstall-6u7-windows-i586-jc.cab
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: wvuvvwx - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 10054 bytes

    Thanks again for all of your help.
     
  8. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey DSpigener

    Please run HijackThis.

    • Click on the button which says Main Menu, then Do a system scan only.
    • Please wait for the scan to be completed.
    • After the scan has completed, check the following entries.

    Code:
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2007 Platinum\SCActiveBlock.dll (file missing) 
    O2 - BHO: (no name) - {12D11612-1B95-4D94-BB0A-70894FB14E70} - (no file) 
    O2 - BHO: (no name) - {23B43CE7-8C77-4E52-88CB-C89FD3D2BF08} - (no file) 
    O2 - BHO: (no name) - {43D71928-0ABD-4BDA-B9C6-1389401ED598} - (no file) 
    O2 - BHO: (no name) - {a589616b-c158-4e21-a01f-0c1503d334f8} - (no file) 
    O20 - Winlogon Notify: wvuvvwx - C:\WINDOWS\
    Click on the button Fix checked

    NOTE:: Close all browsers before fixing anything.

    Also tell me what problems you have left.

    Best Regards :D
     
  9. DSpigener

    DSpigener Member

    Joined:
    Apr 14, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    11
    I ran HijackThis and repaired the entries you indicated. The computer is running fine (actually better than before) and I'm no longer having issues with Internet Explorer! Thanks so much for your help.
     
  10. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
  11. jenn0404

    jenn0404 Member

    Joined:
    Dec 13, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Can someone help me? I've been having the same kind of errors for about the past week. My internet explorer is constantly getting errors and closing. It started out my windows explorer doing it. Now they both are. I ran the Hijack program I saw in this post and here is what the text box shows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:34:21 AM, on 12/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Registry Defragmentation\RegManServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\User\Application Data\Google\klnxv19819115.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Downloads\Software\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: 68.44.244.240 idenupdate.motorola.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinDNN] "C:\Documents and Settings\User\Application Data\Google\klnxv19819115.exe" 2
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKUS\S-1-5-18\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Default user')
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Filter hijack: text/html - {76822445-cb8c-47d0-8947-2bc67e4d13ce} - C:\WINDOWS\system32\mst120.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11270 bytes
     

Share This Page