TechSpot

Internet Explorer issues

By lizardlize
Oct 28, 2010
  1. Hello, a few months ago I had issues with my computer and it seems to be getting worse. First, I had both Opera and Internet Explorer at the same time, and Internet Explorer started acting up.
    Problems - IE on certain pages does a tab recovery thing and won't open the page, resulting in the program shutting down; also certain buttons don't work, i.e. Tools, Send, etc. I get a script error on several pages and it won't let me load pics, etc. Opera will let me install but will not let me open it, so that doesn't work at all. I'm not sure if it's a virus or what, but any help would be appreciated.

    b-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2548330566-1884866569-2845991655-1003 9805824 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18 262144 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 8192 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 8192 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2548330566-1884866569-2845991655-1003 192512 bytes

    ---- EOF - GMER 1.0.15 ----
     
  2. lizardlize

    lizardlize TS Rookie Topic Starter

    Malwarebytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4968

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18241

    10/27/2010 6:10:15 PM
    mbam-log-2010-10-27 (18-10-15).txt

    Scan type: Quick scan
    Objects scanned: 135633
    Time elapsed: 7 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Owner\Favorites\Qword Search Engine.url (Adware.QWO) -> Quarantined and deleted successfully.
     
  3. lizardlize

    lizardlize TS Rookie Topic Starter

    dds

    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Owner at 7:01:38.07 on Thu 10/28/2010
    Internet Explorer: 8.0.6001.18241
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1015 [GMT -7:00]

    AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
    TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.americangirl.com/fun/agcn/kit/index.php?section=money"
    mRun: [InternetDownload_upgrade] "c:\program files\versalsoft\internetdownload\InternetDownload.exe" /upgrade
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mypictales.com/cart/ImageUploader5.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://beckyhiggins.ziblio.com/uploader/ImageUploader6.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2008-10-1 305288]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\savrtpel.sys [2008-10-1 37000]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-19 14336]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-4 55152]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100113.009\NAVENG.Sys [2008-1-19 84912]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100113.009\NavEx15.Sys [2008-1-19 1323568]
    S3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\drivers\FeMouWDM.sys [2008-12-9 11393]
    S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-8-14 255648]
    S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-8-14 87712]
    S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-8-14 235168]
    S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\NAVAPSVC.EXE [2003-8-17 158848]
    S4 SAVScan;SAVScan;c:\program files\norton antivirus\SAVSCAN.EXE [2003-8-9 194272]
    S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]

    =============== Created Last 30 ================

    2020-11-10 02:27:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\espionServerData
    2010-10-28 01:01:18 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2010-10-28 01:01:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 01:01:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-28 01:01:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-28 01:01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 21:25:51 -------- d-----w- c:\program files\Gypsy Sync
    2010-10-13 23:05:33 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 23:05:33 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 23:05:23 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-14 15:41:40 398744 ----a-r- c:\windows\system32\cpnprt2.cid
    2010-08-10 12:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 12:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 7:04:20.45 ===============
     
  4. lizardlize

    lizardlize TS Rookie Topic Starter

    attach report

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/1/2008 8:54:39 PM
    System Uptime: 10/28/2010 6:54:23 AM (1 hours ago)

    Motherboard: Intel Corporation | | D915GAG
    Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | J2E1 | 2933/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 86.004 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\742D09111100
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\742D09111100
    Service: NIC1394

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Canon MP620 ser Network
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Manufacturer: Canon
    Name: Canon MP620 ser Network
    PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
    Service: StillCam

    ==== System Restore Points ===================

    RP765: 8/25/2010 2:17:41 PM - Installed Windows XP KB952954.
    RP766: 8/25/2010 2:18:25 PM - Installed Windows XP KB954211.
    RP767: 8/25/2010 2:19:08 PM - Installed Windows XP KB954600.
    RP768: 8/25/2010 2:19:49 PM - Installed Windows XP KB974112.
    RP769: 8/25/2010 2:20:33 PM - Installed Windows XP KB955069.
    RP770: 8/25/2010 2:21:16 PM - Installed Windows XP KB973687.
    RP771: 8/25/2010 2:22:01 PM - Installed Windows XP KB955759.
    RP772: 8/25/2010 2:22:51 PM - Installed Windows XP KB956572.
    RP773: 8/25/2010 2:23:40 PM - Installed Windows XP KB956802.
    RP774: 8/25/2010 2:24:22 PM - Installed Windows XP KB956803.
    RP775: 8/25/2010 2:25:05 PM - Installed Windows XP KB956841.
    RP776: 8/25/2010 2:25:48 PM - Installed Windows XP KB956844.
    RP777: 8/25/2010 2:26:31 PM - Installed Windows XP KB957095.
    RP778: 8/25/2010 2:27:15 PM - Installed Windows XP KB957097.
    RP779: 8/25/2010 2:27:59 PM - Installed Windows XP KB958644.
    RP780: 8/25/2010 2:28:44 PM - Installed Windows XP KB958687.
    RP781: 8/25/2010 2:29:27 PM - Installed Windows XP KB958690.
    RP782: 8/25/2010 2:30:10 PM - Installed Windows XP KB959426.
    RP783: 8/25/2010 2:30:54 PM - Installed Windows XP KB960225.
    RP784: 8/25/2010 2:31:45 PM - Installed Windows XP KB960803.
    RP785: 8/25/2010 2:32:51 PM - Installed Windows XP KB960859.
    RP786: 8/25/2010 2:33:34 PM - Installed Windows XP KB961118.
    RP787: 8/25/2010 2:34:31 PM - Installed Windows XP KB961371.
    RP788: 8/25/2010 2:35:15 PM - Installed Windows XP KB961373.
    RP789: 8/25/2010 2:35:59 PM - Installed Windows XP KB961501.
    RP790: 8/25/2010 2:36:42 PM - Installed Windows XP KB961503.
    RP791: 8/25/2010 2:37:29 PM - Installed Windows XP KB967715.
    RP792: 8/25/2010 2:38:53 PM - Installed Windows XP KB968389.
    RP793: 8/25/2010 2:40:17 PM - Installed Windows XP KB968537.
    RP794: 8/25/2010 2:41:01 PM - Installed Windows XP KB969059.
    RP795: 8/25/2010 2:41:47 PM - Installed Windows XP KB969947.
    RP796: 8/25/2010 2:42:31 PM - Installed Windows XP KB970238.
    RP797: 8/25/2010 2:43:16 PM - Installed Windows XP KB970430.
    RP798: 8/25/2010 2:44:01 PM - Installed Windows XP KB971468.
    RP799: 8/25/2010 2:44:48 PM - Installed Windows XP KB971486.
    RP800: 8/25/2010 2:45:34 PM - Installed Windows XP KB971557.
    RP801: 8/25/2010 2:46:17 PM - Installed Windows XP KB971633.
    RP802: 8/25/2010 2:47:00 PM - Installed Windows XP KB971657.
    RP803: 8/25/2010 2:47:44 PM - Installed Windows XP KB971737.
    RP804: 8/25/2010 2:48:31 PM - Installed Windows XP KB972270.
    RP805: 8/25/2010 2:49:17 PM - Installed Windows XP KB973354.
    RP806: 8/25/2010 2:50:02 PM - Installed Windows XP KB973507.
    RP807: 8/25/2010 2:50:48 PM - Installed Windows XP KB973687.
    RP808: 8/25/2010 2:51:32 PM - Installed Windows XP KB973815.
    RP809: 8/25/2010 2:52:17 PM - Installed Windows XP KB973869.
    RP810: 8/25/2010 2:53:02 PM - Installed Windows XP KB974112.
    RP811: 8/25/2010 2:53:47 PM - Installed Windows XP KB974318.
    RP812: 8/25/2010 2:54:35 PM - Installed Windows XP KB974392.
    RP813: 8/25/2010 2:55:20 PM - Installed Windows XP KB974571.
    RP814: 8/25/2010 2:56:07 PM - Installed Windows XP KB975025.
    RP815: 8/25/2010 2:56:50 PM - Installed Windows XP KB975467.
    RP816: 8/25/2010 2:57:37 PM - Installed Windows XP KB975560.
    RP817: 8/25/2010 2:59:01 PM - Installed Windows XP KB975561.
    RP818: 8/25/2010 3:00:15 PM - Installed Windows XP KB975562.
    RP819: 8/25/2010 3:00:59 PM - Installed Windows XP KB975713.
    RP820: 8/25/2010 3:03:40 PM - Installed Windows XP KB977165.
    RP821: 8/25/2010 3:04:28 PM - Installed Windows XP KB977914.
    RP822: 8/25/2010 3:05:16 PM - Installed Windows XP KB978037.
    RP823: 8/25/2010 3:06:57 PM - Installed Windows XP KB978251.
    RP824: 8/25/2010 3:07:40 PM - Installed Windows XP KB978338.
    RP825: 8/25/2010 3:09:04 PM - Installed Windows XP KB978542.
    RP826: 8/25/2010 3:09:47 PM - Installed Windows XP KB978601.
    RP827: 8/25/2010 3:11:08 PM - Installed Windows XP KB978706.
    RP828: 8/25/2010 3:13:00 PM - Installed Windows XP KB979309.
    RP829: 8/25/2010 3:13:42 PM - Installed Windows XP KB979482.
    RP830: 8/25/2010 3:14:24 PM - Installed Windows XP KB979559.
    RP831: 8/25/2010 3:15:09 PM - Installed Windows XP KB979683.
    RP832: 8/25/2010 3:16:01 PM - Installed Windows XP KB980218.
    RP833: 8/25/2010 3:16:44 PM - Installed Windows XP KB980232.
    RP834: 8/25/2010 3:36:13 PM - Installed %1 %2.
    RP835: 8/26/2010 4:28:54 PM - System Checkpoint
    RP836: 8/27/2010 3:00:16 AM - Software Distribution Service 3.0
    RP837: 8/28/2010 3:27:12 AM - System Checkpoint
    RP838: 8/29/2010 3:27:22 AM - System Checkpoint
    RP839: 8/30/2010 4:27:20 AM - System Checkpoint
    RP840: 8/30/2010 8:23:44 PM - Removed Adobe Photoshop Elements 7.0.
    RP841: 8/31/2010 8:27:22 PM - System Checkpoint
    RP842: 9/1/2010 6:10:12 PM - Installed Adobe Photoshop Elements 8.0.
    RP843: 9/1/2010 6:13:28 PM - Installed Adobe Photoshop Elements 8.0.
    RP844: 9/1/2010 8:29:38 PM - Installed Adobe Photoshop Elements 8.0.
    RP845: 9/2/2010 9:27:21 PM - System Checkpoint
    RP846: 9/3/2010 9:56:11 PM - System Checkpoint
    RP847: 9/4/2010 10:27:21 PM - System Checkpoint
    RP848: 9/5/2010 11:28:29 PM - System Checkpoint
    RP849: 9/7/2010 12:27:21 AM - System Checkpoint
    RP850: 9/8/2010 1:27:25 AM - System Checkpoint
    RP851: 9/9/2010 2:27:25 AM - System Checkpoint
    RP852: 9/10/2010 3:27:25 AM - System Checkpoint
    RP853: 9/11/2010 4:27:26 AM - System Checkpoint
    RP854: 9/12/2010 5:27:26 AM - System Checkpoint
    RP855: 9/13/2010 6:51:03 AM - System Checkpoint
    RP856: 9/14/2010 8:02:12 AM - System Checkpoint
    RP857: 9/15/2010 8:27:30 AM - System Checkpoint
    RP858: 9/16/2010 8:28:35 AM - System Checkpoint
    RP859: 9/17/2010 9:27:30 AM - System Checkpoint
    RP860: 9/18/2010 10:15:57 AM - System Checkpoint
    RP861: 9/19/2010 10:27:30 AM - System Checkpoint
    RP862: 9/20/2010 11:28:35 AM - System Checkpoint
    RP863: 9/21/2010 12:27:30 PM - System Checkpoint
    RP864: 9/22/2010 1:27:35 PM - System Checkpoint
    RP865: 9/23/2010 2:27:35 PM - System Checkpoint
    RP866: 9/24/2010 3:27:35 PM - System Checkpoint
    RP867: 9/25/2010 4:27:36 PM - System Checkpoint
    RP868: 9/26/2010 4:28:39 PM - System Checkpoint
    RP869: 9/27/2010 5:27:35 PM - System Checkpoint
    RP870: 9/28/2010 6:28:40 PM - System Checkpoint
    RP871: 9/29/2010 7:27:39 PM - System Checkpoint
    RP872: 9/30/2010 7:46:30 PM - System Checkpoint
    RP873: 10/1/2010 8:27:56 PM - System Checkpoint
    RP874: 10/2/2010 8:28:48 PM - System Checkpoint
    RP875: 10/3/2010 9:33:04 PM - System Checkpoint
    RP876: 10/4/2010 10:27:39 PM - System Checkpoint
    RP877: 10/5/2010 11:27:43 PM - System Checkpoint
    RP878: 10/7/2010 6:22:54 PM - System Checkpoint
    RP879: 10/8/2010 6:28:22 PM - System Checkpoint
    RP880: 10/10/2010 10:12:45 AM - Software Distribution Service 3.0
    RP881: 10/11/2010 10:53:09 AM - System Checkpoint
    RP882: 10/12/2010 11:53:09 AM - System Checkpoint
    RP883: 10/13/2010 12:53:09 PM - System Checkpoint
    RP884: 10/13/2010 8:49:42 PM - Removed iCamSource
    RP885: 10/14/2010 3:00:16 AM - Software Distribution Service 3.0
    RP886: 10/15/2010 3:22:10 AM - System Checkpoint
    RP887: 10/16/2010 4:22:10 AM - System Checkpoint
    RP888: 10/17/2010 5:22:10 AM - System Checkpoint
    RP889: 10/17/2010 2:25:50 PM - Installed Gypsy Sync
    RP890: 10/18/2010 3:22:16 PM - System Checkpoint
    RP891: 10/19/2010 4:22:15 PM - System Checkpoint
    RP892: 10/20/2010 5:22:16 PM - System Checkpoint
    RP893: 10/21/2010 5:23:21 PM - System Checkpoint
    RP894: 10/22/2010 6:22:16 PM - System Checkpoint
    RP895: 10/23/2010 6:35:53 PM - System Checkpoint
    RP896: 10/24/2010 8:13:57 PM - System Checkpoint
    RP897: 10/25/2010 9:10:22 PM - System Checkpoint
    RP898: 10/26/2010 9:20:27 PM - System Checkpoint
    RP899: 10/27/2010 10:18:57 PM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    ActiveX Download Control Trial Version
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 8.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 9
    Adobe Shockwave Player
    Akamai NetSession Interface
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BigFix
    Bonjour
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 1.0
    Canon MP Navigator EX 2.0
    Canon MP620 series MP Drivers
    Canon MP620 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CC_ccStart
    ccCommon
    Choice Guard
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Digital Media Reader
    DoraLinks (remove only)
    DVD-CLONER V5.60 Build 973
    EasyPoint Mouse Software
    FA Alphabet and Numbers
    Go Fish
    Gypsy Sync
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    Internet Explorer (Enable DEP)
    iPhone Configuration Utility
    iTunes
    Java 2 Runtime Environment, SE v1.4.2
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Learn2 Player (Uninstall Only)
    LiveReg (Symantec Corporation)
    LiveUpdate 1.90 (Symantec Corporation)
    Logitech QuickCam Software
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    McAfee Security Scan
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2000 Premium
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MSRedist
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Multimedia Keyboard Driver
    Nero BurnRights
    Nero OEM
    Netflix Movie Viewer
    Norton AntiVirus 2004
    Norton AntiVirus 2004 (Symantec Corporation)
    Norton AntiVirus Parent MSI
    Norton WMI Update
    PowerDVD
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB960714)
    Security Update for Windows Internet Explorer 8 (KB961260)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shutterfly Express Uploader
    Smilebox
    SoftV92 Data Fax Modem with SmartCP
    Spybot - Search & Destroy
    Symantec Network Drivers Update
    Symantec Script Blocking Installer
    SymNet
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8 Beta 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    YouData 5-Stack

    ==== Event Viewer Messages From Past Week ========

    10/27/2010 6:13:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    10/27/2010 5:50:58 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
    10/27/2010 5:50:58 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    10/27/2010 5:50:58 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    10/27/2010 5:50:58 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).
    10/27/2010 5:50:58 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  5. lizardlize

    lizardlize TS Rookie Topic Starter

    gmr report

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-28 06:51:53
    Windows 5.1.2600 Service Pack 3
    Running: l6rvr1mj.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwwcafow.sys


    ---- System - GMER 1.0.15 ----

    SSDT E1DBE7D0 ZwConnectPort

    ---- Kernel code sections - GMER 1.0.15 ----

    ? nufdn.sys The system cannot find the file specified. !
    init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF77BF300]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1124] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899 0 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\RestorePointSize 8 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\rp.log 536 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot 0 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\ComDb.Dat 23616 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\domain.txt 56 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository 0 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\$WinMgmt.CFG 20 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS 0 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS\INDEX.BTR 1163264 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS\INDEX.MAP 604 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS\MAPPING.VER 4 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS\MAPPING1.MAP 3684 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS\MAPPING2.MAP 3680 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS\OBJECTS.DATA 6209536 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\Repository\FS\OBJECTS.MAP 3084 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_MACHINE_SAM 24576 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_MACHINE_SECURITY 49152 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_MACHINE_SOFTWARE 30728192 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_MACHINE_SYSTEM 10186752 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_.DEFAULT 3108864 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 262144 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 229376 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 233472 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2548330566-1884866569-2845991655-1003 9805824 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18 262144 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 8192 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 8192 bytes
    File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP899\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2548330566-1884866569-2845991655-1003 192512 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot Mr. or Ms. Lizard! I'll try to help get this sorted out.

    For one thing, I see 3 versions of Internet Explorer on the system: IEv7, IEv8 and Internet Explorer 8 Beta 2. I would think this could confuse the system as to which version to use!

    You also have both the Norton antivirus program and McAfee. Please uninstall one of these. Multiple AV programs can make a system more vulnerable. Tools to help:
    McAfee Removal
    Norton Removal Tool

    There are several old versions of Java on the system. These are also vulnerabilities. Please update to the current v6u22.
    Check this site: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7


    I'd like you to run an online AV scan:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    We'll see if this turns up anything. Get the IE versions cleared up and see if that improves the problem. I'll review the log from Eset after you do the scan.
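    An added check, not part of this thread or of Bobbye's instructions: a PowerShell script that reads the same Add/Remove Programs entries (the standard Uninstall registry keys) and flags every Java product that is older than the newest one found, so stale copies like the Update 7 and v1.4.2 installs above stand out. It assumes PowerShell 2.0 or later (this machine lists PowerShell 1.0, so it would need updating first); the DisplayName pattern and the KEEP/REMOVE labels are my own choices, not anything from the thread.

```powershell
# Added example (not from the TechSpot thread): enumerate installed Java
# products from the Add/Remove Programs registry entries and flag every
# copy that is not the newest one present. Assumes PowerShell 2.0+.

function Get-InstalledJava {
    # Standard Uninstall keys; the Wow6432Node path only exists on 64-bit
    # Windows, so it is skipped when absent (e.g. this 32-bit XP host).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    $found = @()
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $props = Get-ItemProperty $sub.PSPath
            # Sun/Oracle runtime and SDK entries: "Java(TM) 6 Update 20",
            # "Java 2 Runtime Environment, SE v1.4.2", "J2SE ...". The
            # "Java Auto Updater" helper is excluded because it is not a JRE.
            if (($props.DisplayName -match '^(Java|J2SE)') -and
                ($props.DisplayName -notmatch 'Auto Updater')) {
                $found += New-Object PSObject -Property @{
                    Name    = $props.DisplayName
                    Version = $props.DisplayVersion
                    Key     = $sub.PSChildName
                }
            }
        }
    }
    return $found
}

function Get-JavaVersion($text) {
    # DisplayVersion strings such as "6.0.200" or "1.4.2" cast cleanly to
    # [version]; anything unparsable sorts lowest instead of aborting.
    try { return [version]$text } catch { return [version]'0.0' }
}

$javaInstalls = @(Get-InstalledJava)
if ($javaInstalls.Count -eq 0) {
    'No Java products found in Add/Remove Programs.'
    return
}

# Newest install by parsed version; every other entry is a candidate for removal.
$newest = $javaInstalls |
    Sort-Object { Get-JavaVersion $_.Version } -Descending |
    Select-Object -First 1

"{0,-12} {1,-42} {2}" -f 'Version', 'Product', 'Action'
foreach ($j in $javaInstalls) {
    if ($j.Key -eq $newest.Key) {
        $status = 'KEEP (newest installed)'
    } else {
        $status = 'REMOVE (superseded; uninstall in Add/Remove Programs)'
    }
    "{0,-12} {1,-42} {2}" -f $j.Version, $j.Name, $status
}
```

    The script only reports; it does not uninstall anything. Run it after installing the current Java release so the newest entry is the one you intend to keep, then remove the flagged entries through Add/Remove Programs as Bobbye describes.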
     
  7. lizardlize

    lizardlize TS Rookie Topic Starter

    I only see IE Beta 2 in my Add/Remove. I think I removed another version, but I did not see three. What is the title?
     
  8. lizardlize

    lizardlize TS Rookie Topic Starter

    The online scan doesn't do anything. I click Yes, then Start, and it does nothing?
     
  9. lizardlize

    lizardlize TS Rookie Topic Starter

    Internet Explorer (Enable DEP): this is the other one I deleted. Not even sure if it's IEv7 or IEv8.
     
  10. lizardlize

    lizardlize TS Rookie Topic Starter

    OK, did everything except the Internet Explorer question. This is the log requested:


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=8d2c151b87d58f41b1033095eb330c06
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-28 05:12:32
    # local_time=2010-10-28 10:12:32 (-0700, US Mountain Standard Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 64197527 64197527 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=106882
    # found=0
    # cleaned=0
    # scan_time=1972
     
  11. lizardlize

    lizardlize TS Rookie Topic Starter

    I set it to show updates in Add/Remove Programs and did see two updates for IE8, which I deleted.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I would appreciate it if you would use the Edit function instead of making a new reply. I get email feedback for each of those sentences you put in a new reply; that would be 5 emails!

    IE6 is in Windows Components

    If it didn't do anything, where did the log come from?

    You need to be sure you launch just one version of IE

    Eset log is clean

    That's fine. You can do the updates when we're through.
    ===========================================================
    Most likely due to having multiple versions of IE loading.

    And the script error is what?

    Suggest you get IE working well first.
    ===============================================
    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename ComboFix unless instructed.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double-click combofix.exe & follow the prompts to run.
    • NOTE: ComboFix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If ComboFix asks you to install Recovery Console, please allow it.
    6. If ComboFix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with ComboFix.
     
  13. lizardlize

    lizardlize TS Rookie Topic Starter

    Just FYI, I downloaded Firefox because I needed to use it, and it is working fine. It is set as my default browser; not sure if that changes anything? Here is the report for ComboFix:

    ComboFix 10-10-30.01 - Owner 10/30/2010 14:19:00.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1083 [GMT -7:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Recent\Thumbs.db
    C:\Install.exe
    C:\Thumbs.db
    c:\windows\system32\spool\prtprocs\w32x86\CNMPD8U.DLL
    c:\windows\system32\spool\prtprocs\w32x86\CNMPP8U.DLL

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
    .

    2020-11-10 02:27 . 2020-11-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
    2020-11-10 02:23 . 2010-09-02 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-10-28 21:09 . 2010-10-28 21:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
    2010-10-28 16:36 . 2010-10-28 16:36 -------- d-----w- c:\program files\ESET
    2010-10-28 16:07 . 2010-10-28 16:07 -------- d-----w- c:\program files\MSN Toolbar
    2010-10-28 16:06 . 2010-10-28 16:34 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-10-28 01:01 . 2010-10-28 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-10-28 01:01 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 01:01 . 2010-10-28 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-28 01:01 . 2010-10-28 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-28 01:01 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 21:25 . 2010-10-17 21:25 -------- d-----w- c:\program files\Gypsy Sync
    2010-10-13 23:05 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 23:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 23:05 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-02 22:55 . 2010-10-02 22:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2004-08-20 00:48 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-20 00:48 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-20 00:48 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-20 00:48 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 11:50 . 2010-05-21 18:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 09:29 . 2008-10-02 05:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-01 11:51 . 2004-08-20 00:48 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-20 00:49 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-20 00:49 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-20 00:49 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-20 00:49 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-05-15 16:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-20 00:48 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-20 00:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-20 00:48 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-14 15:41 . 2010-06-09 17:50 398744 ----a-r- c:\windows\system32\cpnprt2.cid
    2010-08-10 12:15 . 2010-08-10 12:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 12:15 . 2010-08-10 12:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InternetDownload_upgrade"="c:\program files\Versalsoft\InternetDownload\InternetDownload.exe" [2010-03-09 394752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2004-07-03 03:49 57344 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-07-06 02:05 2550272 ----a-w- c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2007-04-18 06:49 50736 ----a-w- c:\program files\AOL 9.0a\aol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    2004-05-18 01:30 543232 ----a-w- c:\windows\zHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fellowes Proxy]
    2004-03-25 21:13 86016 ----a-w- c:\windows\system32\r3proxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-06-08 21:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-06-08 22:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-06-08 22:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2005-07-20 00:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
    2004-06-30 17:49 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
    2003-09-19 16:09 36864 ----a-w- c:\windows\ShowWnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
    2009-12-07 11:22 266888 ----a-w- c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-07-01 19:58 73728 ----a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2008-07-07 16:42 2156368 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    2004-03-11 22:18 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WANMiniportService"=2 (0x2)
    "SymWSC"=2 (0x2)
    "SNDSrvc"=3 (0x3)
    "SBService"=2 (0x2)
    "SAVScan"=2 (0x2)
    "navapsvc"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "fsssvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "AdobeActiveFileMonitor7.0"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1223252074\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1042:TCP"= 1042:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 5:45 AM 169312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/19/2004 5:49 PM 14336]
    S3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\drivers\FeMouWDM.sys [12/9/2008 11:15 PM 11393]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://beckyhiggins.ziblio.com/uploader/ImageUploader6.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ho2ic6kb.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    MSConfigStartUp-NAV CfgWiz - c:\program files\Common Files\Symantec Shared\CfgWiz.exe
    MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 14:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-10-30 14:32:27
    ComboFix-quarantined-files.txt 2010-10-30 21:32

    Pre-Run: 92,940,132,352 bytes free
    Post-Run: 92,964,610,048 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - F4E7564CB4434EDBA0A4EE8BC642C8C2
     
  14. Bobbye

    Well, it puts Firefox on the system! And entries in the Registry, plug ins for Firefox, etc. etc.

    FYI: you did the Eset scan using # iexplore.exe=8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)

    I would guess you're on the slow side starting up and shutting down. You might want to use the msconfig utility to uncheck everything on the Startup menu except the antivirus, third party firewall if using one, touchpad if on laptop and the 2-3 Pure Magic Network processes.

    Consider uninstalling Smilebox> smileboxtray.exe uses excessive system and memory resources with no corresponding benefit. Applications such as these should be disabled to improve overall system performance.

    Please run this Security Check:

    Download Security Check and save it to your Desktop.
    • Double-click SecurityCheck.exe to run.
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.
    ========================================
    Please run this Custom CFScript

    [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad and copy/paste the text in the code below into it:
    Code:
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
     
  15. lizardlize

    I uninstalled Smilebox and here are your two reports.

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    McAfee Security Scan
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````




    ComboFix 10-10-30.01 - Owner 10/30/2010 18:08:45.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1056 [GMT -7:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
    .

    2020-11-10 02:27 . 2020-11-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
    2020-11-10 02:23 . 2010-09-02 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-10-28 21:09 . 2010-10-28 21:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
    2010-10-28 16:36 . 2010-10-28 16:36 -------- d-----w- c:\program files\ESET
    2010-10-28 16:07 . 2010-10-28 16:07 -------- d-----w- c:\program files\MSN Toolbar
    2010-10-28 16:06 . 2010-10-28 16:34 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-10-28 01:01 . 2010-10-28 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-10-28 01:01 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 01:01 . 2010-10-28 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-28 01:01 . 2010-10-28 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-28 01:01 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 21:25 . 2010-10-17 21:25 -------- d-----w- c:\program files\Gypsy Sync
    2010-10-13 23:05 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 23:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 23:05 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-02 22:55 . 2010-10-02 22:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2004-08-20 00:48 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-20 00:48 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-20 00:48 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-20 00:48 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 11:50 . 2010-05-21 18:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 09:29 . 2008-10-02 05:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-01 11:51 . 2004-08-20 00:48 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-20 00:49 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-20 00:49 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-20 00:49 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-20 00:49 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-05-15 16:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-20 00:48 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-20 00:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-20 00:48 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-14 15:41 . 2010-06-09 17:50 398744 ----a-r- c:\windows\system32\cpnprt2.cid
    2010-08-10 12:15 . 2010-08-10 12:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 12:15 . 2010-08-10 12:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InternetDownload_upgrade"="c:\program files\Versalsoft\InternetDownload\InternetDownload.exe" [2010-03-09 394752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2004-07-03 03:49 57344 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-07-06 02:05 2550272 ----a-w- c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2007-04-18 06:49 50736 ----a-w- c:\program files\AOL 9.0a\aol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    2004-05-18 01:30 543232 ----a-w- c:\windows\zHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fellowes Proxy]
    2004-03-25 21:13 86016 ----a-w- c:\windows\system32\r3proxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-06-08 21:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-06-08 22:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-06-08 22:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    2005-07-20 00:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
    2004-06-30 17:49 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
    2003-09-19 16:09 36864 ----a-w- c:\windows\ShowWnd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-07-01 19:58 73728 ----a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2008-07-07 16:42 2156368 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
    2004-03-11 22:18 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WANMiniportService"=2 (0x2)
    "SymWSC"=2 (0x2)
    "SNDSrvc"=3 (0x3)
    "SBService"=2 (0x2)
    "SAVScan"=2 (0x2)
    "navapsvc"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "fsssvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "AdobeActiveFileMonitor7.0"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1223252074\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1042:TCP"= 1042:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 5:45 AM 169312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/19/2004 5:49 PM 14336]
    S3 FeMouWDM;Fellowes Mouse Driver;c:\windows\system32\drivers\FeMouWDM.sys [12/9/2008 11:15 PM 11393]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://beckyhiggins.ziblio.com/uploader/ImageUploader6.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ho2ic6kb.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-SmileboxTray - c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-30 18:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3540)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-30 18:25:00
    ComboFix-quarantined-files.txt 2010-10-31 01:24
    ComboFix2.txt 2010-10-30 21:32

    Pre-Run: 93,009,563,648 bytes free
    Post-Run: 92,988,944,384 bytes free

    - - End Of File - - C9EA14365A44475AC2679B47D3EC05EC
     
  16. Bobbye

    Can you tell me specifically what problem you're having now?

    Also, what antivirus program do you have that runs and updates on the system? I note that Norton was removed and you only show the McAfee Security Scan Plus> this is not an antivirus program. I'm sorry- I may have misled you saying these were both AV programs. It is a scanner like the Security Check I had you run. Eset is only an online scanner. You need to get AV protection right away:

    Both of the following programs are free and known to be good:
    Avira Free
    Avast Home

    Please reboot the system after the installation is complete.
    ===========================================
    There are also out of date versions of Java and the Adobe Reader on the system. Please go to Add/Remove Programs in the Control Panel and uninstall any other versions except Java v6u22 and Adobe Reader v9.xx.

    Please uninstall this version of HijackThis> HijackThis 2.0.2 - it is outdated. After removing these outdated files, do the following:

    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  17. lizardlize

    I only saw the Java and Adobe Reader that you said to keep? So I only deleted the old version of HijackThis.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:36:28 PM, on 11/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\Versalsoft\InternetDownload\VDTB.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\Versalsoft\InternetDownload\VDTB.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
    O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\Versalsoft\InternetDownload\InternetDownload.exe" /upgrade
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.americangirl.com/fun/agcn/kit/index.php?section=money"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.mypictales.com/cart/ImageUploader5.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://beckyhiggins.ziblio.com/uploader/ImageUploader6.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 8876 bytes
     
  18. lizardlize

    lizardlize TS Rookie Topic Starter

    I'm not having any problem now with Firefox, so I guess I can keep Firefox.
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please reopen HijackThis to do a system scan only. Check each of the following, if present:

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscaxBDSCANONLINE.cab


    Close all Windows except HijackThis and click on "Fix Checked."
    ==================================================
    Click on Start> Control Panel> Add/Remove Programs> uninstall any versions of Java except v6u22> uninstall any versions of the Adobe reader except v9.xx
    Close All Programs.
    =================================================
    Click on Control Panel> Internet Options> Manage Addons> there are 2 sections here: Addons currently used and Addons previously used> look in both sections by clicking on the arrow to the right of the Dialog box> Highlight and Disable each of the following:
    BDSCANONLINE (BitDefender Online scanner)
    fcax: F-Secure Online scanner
    eos: Eset Online scanner

    Click on OK> Apply> OK
    ===============================================
    You have multiple entries loading from the Registry on startup, then remain running in the background. They do not need to start on boot and use the system resources unless you are actively using them at that time. Examples:
    Fellowes Proxy- installed in 2004 with Fellowes EasyPoint mouse software in 2004. It included a proxy with the download but that is only needed if you use the extended features of the mouse. If you do not or no longer have that mouse, this can be stopped, then removed.
    LogitechSoftwareUpdate
    LogitechVideoRepair
    LogitechVideoTray
    LVCOMSX
    NeroFilterCheck
    QuickTime Task
    CyberLink\PowerDVD
    Multimedia Keyboard Driver.(Showan)
    SunKistEM: Digital Media Reader> Used to communicate with Alcor_Micro Multimedia Card Reader- only when needed.


    Were you having any malware related problems? Were they related to IE specifically? Do any problems persist?
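A small triage script, added here as an example (it is not HijackThis's own code and not part of the thread), that applies the two selection rules used in the post above to HijackThis-style log lines: O2 BHO entries whose DLL is reported missing, and O16 DPF entries for leftover online-scanner ActiveX controls. The sample lines are constructed to mirror entry types from this log, and the "scan" name heuristic for O16 controls is an assumption of the example.

```python
import re
from typing import List, Tuple

# Constructed sample mirroring entry types from the log in this thread (not a real scan).
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
"""

# HijackThis line shapes for BHOs (O2) and downloaded ActiveX controls (O16 DPF).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - ?(?P<url>.*)$")

# HijackThis marks a BHO whose DLL cannot be found with one of these suffixes.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, CLSID, reason) for entries worth ticking for 'Fix Checked'.

    Rule 1: an O2 BHO whose DLL is absent is a dead registration; nothing loads,
            but the CLSID is still resolved on every IE start.
    Rule 2 (heuristic, an assumption of this example): an O16 control whose name
            contains 'scan' is a one-off online-scanner ActiveX control that is
            usually left behind after the scan and is not needed day to day.
    """
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("path").endswith(ORPHAN_MARKERS):
                findings.append(("O2", m.group("clsid"), "BHO registered but DLL absent: " + m.group("name")))
            continue
        m = O16_RE.match(line)
        if m:
            name = m.group("name") or ""
            if "scan" in name.lower():
                findings.append(("O16", m.group("clsid"), "leftover online-scanner control: " + name))
    return findings


if __name__ == "__main__":
    for section, clsid, reason in triage(SAMPLE_LOG):
        print(f"{section} {clsid}: {reason}")
```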
     
  20. lizardlize

    lizardlize TS Rookie Topic Starter

    Ok, I did the first part, but the next two things I'm confused about:

    Click on Control Panel> Internet Options> Manage Addons> there are 2 sections here: Addons currently used and Addons previously used> look in both sections by clicking on the arrow to the right of the Dialog box> Highlight and Disable each of the following:
    BDSCANONLINE (BitDefender Online scanner)
    fcax: F-Secure Online scanner
    eos: Eset Online scanner
    Click on OK> Apply

    I do not see these in the add-on section, and I have "show all add-ons" checked in the window.

    You have multiple entries loading from the Registry on startup, then remain running in the background. They do not need to start on boot and use the system resources unless you are actively using them at that time. Examples:
    Fellowes Proxy- installed in 2004 with Fellowes EasyPoint mouse software in 2004. It included a proxy with the download but that is only needed if you use the extended features of the mouse. If you do not or no longer have that mouse, this can be stopped, then removed.
    LogitechSoftwareUpdate
    LogitechVideoRepair
    LogitechVideoTray
    LVCOMSX
    NeroFilterCheck
    QuickTime Task
    CyberLink\PowerDVD
    Multimedia Keyboard Driver.(Showan)
    SunKistEM: Digital Media Reader> Used to communicate with Alcor_Micro Mu

    You did not say how to remove these. I typed msconfig in the Run menu and clicked the Startup tab, and all of these listed were already unchecked. Did you want them removed or disabled???
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, no problem if the addons are gone. And if the entries for the processes I listed are already unchecked on the Startup menu, that's okay too.

    If the problems have been resolved:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any questions.
     