I.E. opening by itself and then error


Post by ltlfroggie on 6th November 2009, 10:55 pm

I had a problem with Personal Guard 2009 a couple of days ago and through your site, got it fixed. I.E. is still opening though on its own but it doesn't entirely open...it tries and then I get one of those messages asking me if I want to send the error report to Windows. I'm going to guess this still has something to do with Personal Guard, but wanted to be sure of what needs to be done. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:23 PM, on 11/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CVSEXPSS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\SXPESVC.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\W815DM.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Akrontech\enuff\ENUFF.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqbam08.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqgpc01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jackie\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esubx.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 antivirsystem.com
O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [ddhelper] "C:\WINDOWS\W815DM.EXE"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [enuff_temp] C:\Program Files\Akrontech\enuff\ENUFF.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\pg_remove.exe" /runcleanupscript
O4 - HKLM\..\Run: [vonetisef] Rundll32.exe "c:\windows\system32\juteruno.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MRI_DISABLED
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: RemindU - [You must be registered and logged in to see this link.] and Settings\Jackie\Application Data\Upromise__RemindU\uprot\uproC5.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - [You must be registered and logged in to see this link.] and Settings\Jackie\Application Data\Upromise__RemindU\uprot\uproC5.htm (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: dowihume.dll c:\windows\system32\juteruno.dll c:\windows\system32\gobobeja.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: dahinarow - {3681519d-67af-4bbc-8b52-17dccae7265e} - c:\windows\system32\gobobeja.dll
O21 - SSODL: vutepemut - {389fe335-f2fa-444f-8128-91926a280e87} - c:\windows\system32\juteruno.dll
O22 - SharedTaskScheduler: tokatiluy - {3681519d-67af-4bbc-8b52-17dccae7265e} - c:\windows\system32\gobobeja.dll
O22 - SharedTaskScheduler: kupuhivus - {389fe335-f2fa-444f-8128-91926a280e87} - c:\windows\system32\juteruno.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ENUFF XP Service (ENXPSVC) - Akrontech - C:\WINDOWS\system32\CVSEXPSS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 11116 bytes

Thanks!
Jackie


Re: I.E. opening by itself and then error

Post by Origin on 7th November 2009, 7:59 pm

Hello ltlfroggie,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esubx.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 94.232.248.66 antivirsystem.com
    O1 - Hosts: 94.232.248.66 [You must be registered and logged in to see this link.]
    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O4 - HKLM\..\Run: [vonetisef] Rundll32.exe "c:\windows\system32\juteruno.dll",a
    O20 - AppInit_DLLs: dowihume.dll c:\windows\system32\juteruno.dll c:\windows\system32\gobobeja.dll
    O21 - SSODL: dahinarow - {3681519d-67af-4bbc-8b52-17dccae7265e} - c:\windows\system32\gobobeja.dll
    O21 - SSODL: vutepemut - {389fe335-f2fa-444f-8128-91926a280e87} - c:\windows\system32\juteruno.dll
    O22 - SharedTaskScheduler: tokatiluy - {3681519d-67af-4bbc-8b52-17dccae7265e} - c:\windows\system32\gobobeja.dll
    O22 - SharedTaskScheduler: kupuhivus - {389fe335-f2fa-444f-8128-91926a280e87} - c:\windows\system32\juteruno.dll


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]
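The HijackThis lines selected above show the same DLLs registered in several autostart locations at once (Run key, AppInit_DLLs, SSODL, SharedTaskScheduler), plus an extra Userinit program and hosts-file redirects. The following Python script is an added example, not part of the original thread or any helper's tool: it parses HijackThis entry lines and flags those patterns. The heuristics and function names are assumptions, and the sample input is a subset of lines copied from the log in this thread.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esubx.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 antivirsystem.com
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [vonetisef] Rundll32.exe "c:\windows\system32\juteruno.dll",a
O20 - AppInit_DLLs: dowihume.dll c:\windows\system32\juteruno.dll c:\windows\system32\gobobeja.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: dahinarow - {3681519d-67af-4bbc-8b52-17dccae7265e} - c:\windows\system32\gobobeja.dll
O22 - SharedTaskScheduler: kupuhivus - {389fe335-f2fa-444f-8128-91926a280e87} - c:\windows\system32\juteruno.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.+)$")        # e.g. "O4 - <body>"
DLL_RE = re.compile(r'[^\\\s",]+\.dll', re.IGNORECASE)   # DLL file name without its path
USERINIT_RE = re.compile(r"userinit=(.*)", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1"}
AUTOSTART_CODES = {"O4", "O21", "O22"}  # Run keys, SSODL, SharedTaskScheduler


def parse_entries(log_text):
    """Return (code, body) pairs for each HijackThis entry line; skip other lines."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dll_basenames(text):
    """Lower-cased DLL file names mentioned anywhere in an entry body."""
    return {name.lower() for name in DLL_RE.findall(text)}


def triage(log_text):
    """Return (code, reason) findings. Heuristics are assumptions for illustration."""
    entries = parse_entries(log_text)

    # Pass 1: collect every DLL that is force-loaded through AppInit_DLLs.
    appinit = set()
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            appinit |= dll_basenames(body.split(":", 1)[1])

    # Pass 2: flag entries, cross-referencing autostarts against the AppInit set.
    findings = []
    for code, body in entries:
        reason = None
        if code == "F2":
            m = USERINIT_RE.search(body)
            if m:
                extras = [p.strip() for p in m.group(1).split(",")
                          if p.strip()
                          and ntpath.basename(p.strip()).lower() != "userinit.exe"]
                if extras:
                    reason = "Userinit launches extra program(s): " + ", ".join(extras)
        elif code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                reason = f"hosts file pins {parts[1]} to {parts[0]}"
        elif code == "O20" and body.startswith("AppInit_DLLs:") and appinit:
            reason = "AppInit_DLLs is populated: " + ", ".join(sorted(appinit))
        elif code in AUTOSTART_CODES:
            shared = dll_basenames(body) & appinit
            if shared:
                reason = "also listed in AppInit_DLLs: " + ", ".join(sorted(shared))
        if reason:
            findings.append((code, reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}")
```

Entries the script does not flag are not cleared by it; it only surfaces the cross-registration pattern visible in this log.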


Re: I.E. opening by itself and then error

Post by ltlfroggie on 8th November 2009, 1:24 am

Thanks! I noticed that MBAM deleted my HJT program, or what I downloaded from this site anyhow...it is the last item on this list:

Malwarebytes' Anti-Malware 1.41
Database version: 3103
Windows 5.1.2600 Service Pack 3

11/7/2009 7:20:38 PM
mbam-log-2009-11-07 (19-20-38).txt

Scan type: Quick Scan
Objects scanned: 176162
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\vovuzidi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vonetisef (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vovuzidi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vovuzidi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\vovuzidi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\gizehure.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vomusuna.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\yetisono.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jackie\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: I.E. opening by itself and then error

Post by Belahzur on 8th November 2009, 9:07 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: I.E. opening by itself and then error

Post by ltlfroggie on 8th November 2009, 10:55 pm

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jackie at 16:52:51.21 on Sun 11/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.566 [GMT -6:00]

AV: AVG 7.5.560 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CVSEXPSS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\SXPESVC.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\W815DM.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Akrontech\enuff\ENUFF.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqbam08.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqgpc01.exe
C:\Documents and Settings\Jackie\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\Userinit.exe,esubx.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [ddhelper] "c:\windows\W815DM.EXE"
mRun: [LXCQCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCQtime.dll,_RunDLLEntry@16
mRun: [enuff_temp] c:\program files\akrontech\enuff\ENUFF.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\pg_remove.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vonetisef] Rundll32.exe "c:\windows\system32\tumaveko.dll",a
dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
StartupFolder: c:\documents and settings\jackie\start menu\programs\startup\mri_disabled\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Search - ?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: RemindU - [You must be registered and logged in to see this link.] and settings\jackie\application data\upromise__remindu\uprot\uproC5.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - [You must be registered and logged in to see this link.]
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: dowihume.dll c:\windows\system32\tumaveko.dll
SSODL: robuhoyor - {7509ff00-626a-4611-a1bb-1a9bd9339833} - c:\windows\system32\vovuzidi.dll
SSODL: nafobepef - {fef1bfbf-b183-4cf9-8ac8-79f95592273b} - c:\windows\system32\tumaveko.dll
STS: jugezatag: {7509ff00-626a-4611-a1bb-1a9bd9339833} - c:\windows\system32\vovuzidi.dll
STS: tokatiluy: {fef1bfbf-b183-4cf9-8ac8-79f95592273b} - c:\windows\system32\tumaveko.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll, msnsspc.dll
LSA: Notification Packages = scecli mosawawu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jackie\applic~1\mozilla\firefox\profiles\irbvipgg.jackie\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\jackie\application data\mozilla\firefox\profiles\irbvipgg.jackie\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-8-24 28544]
S1 DW;DW; [x]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-11-06 22:11:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 21:20:02 0 ----a-w- c:\documents and settings\jackie\Ÿ¬Ÿ¬
2009-11-05 00:41:02 693760 ----a-w- c:\windows\isRS-000.tmp
2009-11-05 00:40:57 0 d-----w- c:\docume~1\jackie\applic~1\Malwarebytes
2009-11-04 23:49:40 0 d-----w- c:\docume~1\jackie\applic~1\SUPERAntiSpyware.com
2009-10-31 14:44:18 0 d-----w- c:\windows\.jagex_cache_32
2009-10-24 01:27:04 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-10-15 08:07:01 118 ----a-w- c:\windows\system32\MRT.INI
2009-10-13 00:05:06 0 ----a-w- C:\LOG2E90.tmp

==================== Find3M ====================

2009-11-08 19:47:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-08 19:47:41 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-10-24 01:27:27 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-24 01:27:14 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-20 15:43:33 55 ---h--w- C:\dosldr.bin
2009-10-09 02:45:23 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 04:49:39 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 20:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-08 18:35:39 38400 --sha-w- c:\windows\system32\bopedisu.dll
2009-08-08 19:40:02 89600 --sha-w- c:\windows\system32\boyesofo.dll
2009-08-04 16:05:15 51712 --sha-w- c:\windows\system32\dowihume.dll
2009-08-04 16:04:36 51712 --sha-w- c:\windows\system32\fojefulu.dll
2009-08-05 04:04:59 1 --sha-w- c:\windows\system32\fuwobozu.dll
2009-08-05 16:05:08 60928 --sha-w- c:\windows\system32\geyofebi.dll
2009-08-06 17:12:26 38912 --sha-w- c:\windows\system32\hafasego.dll
2009-08-04 16:05:15 51712 --sha-w- c:\windows\system32\judewoyu.dll
2009-08-06 17:12:26 89600 --sha-w- c:\windows\system32\juteruno.dll
2009-08-05 16:05:08 37888 --sha-w- c:\windows\system32\ladujehe.dll
2009-08-08 19:40:02 38400 --sha-w- c:\windows\system32\moriyava.dll
2009-08-04 16:05:15 51712 --sha-w- c:\windows\system32\mosawawu.dll
2009-08-07 05:11:07 89600 --sha-w- c:\windows\system32\seduvumo.dll

============= FINISH: 16:54:01.78 ===============


Re: I.E. opening by itself and then error

Post by ltlfroggie on 8th November 2009, 10:55 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2009 1:47:29 PM
System Uptime: 11/8/2009 1:47:19 PM (3 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is fixed (NTFS) - 144 GiB total, 80.171 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP326: 10/3/2009 3:00:20 AM - Software Distribution Service 3.0
RP327: 10/4/2009 3:00:20 AM - Software Distribution Service 3.0
RP328: 10/5/2009 3:00:19 AM - Software Distribution Service 3.0
RP329: 10/6/2009 3:00:19 AM - Software Distribution Service 3.0
RP330: 10/7/2009 3:00:17 AM - Software Distribution Service 3.0
RP331: 10/8/2009 3:00:17 AM - Software Distribution Service 3.0
RP332: 10/9/2009 3:00:19 AM - Software Distribution Service 3.0
RP333: 10/10/2009 3:00:21 AM - Software Distribution Service 3.0
RP334: 10/11/2009 3:00:25 AM - Software Distribution Service 3.0
RP335: 10/12/2009 3:00:19 AM - Software Distribution Service 3.0
RP336: 10/13/2009 3:00:17 AM - Software Distribution Service 3.0
RP337: 10/14/2009 7:08:18 AM - Software Distribution Service 3.0
RP338: 10/15/2009 3:00:21 AM - Software Distribution Service 3.0
RP339: 10/16/2009 3:00:17 AM - Software Distribution Service 3.0
RP340: 10/17/2009 3:00:21 AM - Software Distribution Service 3.0
RP341: 10/18/2009 3:00:21 AM - Software Distribution Service 3.0
RP342: 10/19/2009 3:00:18 AM - Software Distribution Service 3.0
RP343: 10/20/2009 3:00:19 AM - Software Distribution Service 3.0
RP344: 10/21/2009 3:00:17 AM - Software Distribution Service 3.0
RP345: 10/22/2009 3:00:19 AM - Software Distribution Service 3.0
RP346: 10/23/2009 3:00:17 AM - Software Distribution Service 3.0
RP347: 10/24/2009 3:00:22 AM - Software Distribution Service 3.0
RP348: 10/25/2009 3:00:18 AM - Software Distribution Service 3.0
RP349: 10/26/2009 3:00:21 AM - Software Distribution Service 3.0
RP350: 10/27/2009 3:00:16 AM - Software Distribution Service 3.0
RP351: 10/28/2009 3:00:17 AM - Software Distribution Service 3.0
RP352: 10/29/2009 3:00:19 AM - Software Distribution Service 3.0
RP353: 10/30/2009 3:00:16 AM - Software Distribution Service 3.0
RP354: 10/31/2009 3:00:17 AM - Software Distribution Service 3.0
RP355: 11/1/2009 3:00:22 AM - Software Distribution Service 3.0
RP356: 11/1/2009 4:00:15 AM - Software Distribution Service 3.0
RP357: 11/2/2009 4:00:20 AM - Software Distribution Service 3.0
RP358: 11/3/2009 4:00:17 AM - Software Distribution Service 3.0
RP359: 11/4/2009 4:20:44 AM - System Checkpoint
RP360: 11/5/2009 4:34:43 AM - System Checkpoint
RP361: 11/6/2009 5:34:43 AM - System Checkpoint
RP362: 11/6/2009 5:11:03 PM - Installed Java(TM) 6 Update 17
RP363: 11/6/2009 5:46:53 PM - Removed Adobe Reader 8.1.2
RP364: 11/6/2009 5:50:35 PM - Installed Adobe Reader 9.2.
RP365: 11/8/2009 1:46:56 PM - Removed SUPERAntiSpyware Free Edition
RP366: 11/8/2009 2:03:05 PM - System Checkpoint

==== Installed Programs ======================

2Wire Wireless Client
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements
Adobe Reader 9.2
Adobe SVG Viewer
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Autodesk DWF Viewer
Autodesk DWF Writer
AVG Free Edition
Battlefield Heroes
Bejeweled 2 Deluxe 1.0
Belarc Advisor 7.0
Blues Clues School
Bonjour
Boohbah Zone
Broadcom Gigabit Integrated Controller
C6300
C6300_Help
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Candy Land - Dora the Explorer Edition
Cards_Calendar_OrderGift_DoMorePlugout
Clue
Compact Wireless-G USB Adapter
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro Photo XI
Coupon Printer for Windows
Creative MediaSource
CustomerResearchQFolder
Dell Photo Printer 720
Dell ResourceCD
DeviceFunctionQFolder
DirectX Media Runtime 5.1
DocProc
DocProcQFolder
EA Download Manager
ENUFF PC
Events & Celebrations Clipart
ewido anti-spyware 4.0
FinePixViewer Ver.4.1
FUJIFILM USB Driver
FullDPAppQFolder
GdiplusUpgrade
Gold Miner
Handmark® MobileDB(TM) for Palm OS
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Extended Capabilities 5.0
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Update
HPPhotoSmartPhotobookWebPack1
Image Transfer
ImageConverter Plus 7.1
ImageMixer for Sony
ImageMixer VCD2 for FinePix
iPod for Windows 2006-03-23
iTunes
Jasc Animation Shop 3
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Jasc Paint Shop Pro Studio Additional Content
Java(TM) 6 Update 17
Jay Jay Sky Heroes to the Rescue
JumpStart Advanced Language Club
JumpStart Advanced Preschool
JumpStart Advanced School Time
JumpStart Art for Fun
Kid Pix Deluxe 4
L&H TTS3000 Español
Left 4 Dead
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark 9300 Series
Lexmark Toolbar
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Macromedia Dreamweaver MX
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Office XP Professional
Microsoft PowerPoint Viewer 97
Microsoft Text-to-Speech Engine 4.0 (English)
MicroStaff WINASPI
Mozilla Firefox (3.0.15)
Mozilla Thunderbird (2.0.0.16)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Network
OCR Software by I.R.I.S. 11.0
OpenOffice.org Installer 1.0
Otto
Palm
Panda ActiveScan 2.0
Picasa 2
powerOne Personal v3.1.4 for Handhelds
Presto! Forms 3.50.02
Presto! PageManager 7.12.10
progeCAD 2008 Std ENG
PS_AIO_04_C6300_ProductContext
PS_AIO_04_C6300_Software
PS_AIO_04_C6300_Software_Min
PSSWCORE
Publix Preschool Pals
PunkBuster Services
Quicken 2008
QuickTime
RealPlayer
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 3.8
SmartWebPrinting
Sony USB Driver
Sound Blaster Audigy 2 ZS
SoundMAX
SplashPhoto
SplashShopper
Spybot - Search & Destroy 1.4
Steam
Strat-O-Matic CD-ROM Ver14.0
Toolbox
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Upromise remindU
VideoToolkit01
Viewpoint Media Player
Virgin Pulse Manager
Virtual Better Behavior Wheel
Virtual FlashCards 2.1
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
vmk_screensaver
WD Diagnostics
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 11.1
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

11/8/2009 1:45:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '3f93_appcompat.txt' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
11/7/2009 3:25:28 PM, error: DCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "%1450" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
11/6/2009 5:45:59 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/4/2009 7:44:42 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/3/2009 4:00:57 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
11/2/2009 9:32:41 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.

==== End Of File ===========================


Re: I.E. opening by itself and then error

Post by ltlfroggie on 8th November 2009, 10:59 pm

And how the heck do you learn how to actually understand all of that? Yikes!


Re: I.E. opening by itself and then error

Post by Belahzur on 9th November 2009, 1:13 am

Hello.

Dragon has a topic here about how you can learn this stuff too.

[You must be registered and logged in to see this link.]

Sadly, we aren't done yet, this infection has spread pretty wildly.

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1


Re: I.E. opening by itself and then error

Post by ltlfroggie on 9th November 2009, 1:58 am

ComboFix 09-11-08.03 - Jackie 11/08/2009 19:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.537 [GMT -6:00]
Running from: c:\documents and settings\Jackie\Desktop\Combo-Fix.exe
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Start Menu\HP Image Zone .lnk
C:\LOG10A.tmp
C:\LOG11F.tmp
C:\LOG15E.tmp
C:\LOG18F.tmp
C:\LOG198.tmp
C:\LOG1D6.tmp
C:\LOG1E9.tmp
C:\LOG261.tmp
C:\LOG264.tmp
C:\LOG265.tmp
C:\LOG267.tmp
C:\LOG2BA.tmp
C:\LOG2E.tmp
C:\LOG2E90.tmp
C:\LOG303.tmp
C:\LOG304.tmp
C:\LOG316.tmp
C:\LOG320.tmp
C:\LOG32E.tmp
C:\LOG33A.tmp
C:\LOG361.tmp
C:\LOG362.tmp
C:\LOG363.tmp
C:\LOG364.tmp
C:\LOG3D7.tmp
C:\LOG5E3.tmp
C:\LOG60E.tmp
C:\LOG64F.tmp
C:\LOG76.tmp
C:\LOG8BA.tmp
C:\LOG91.tmp
C:\LOG9C.tmp
C:\LOGA3.tmp
C:\LOGA4.tmp
C:\LOGA86.tmp
C:\LOGAB.tmp
C:\LOGB2.tmp
C:\LOGC0E.tmp
C:\LOGCA.tmp
C:\LOGCB.tmp
C:\LOGCDC.tmp
C:\LOGDD.tmp
C:\LOGE25.tmp
c:\windows\system32\bopedisu.dll
c:\windows\system32\dowihume.dll
c:\windows\system32\fojefulu.dll
c:\windows\system32\fuwobozu.dll
c:\windows\system32\geyofebi.dll
c:\windows\system32\hafasego.dll
c:\windows\system32\judewoyu.dll
c:\windows\system32\ladujehe.dll
c:\windows\system32\moriyava.dll
c:\windows\system32\mosawawu.dll
c:\windows\Tasks\wuzfddwt.job
c:\windows\TEMP\logishrd\LVPrcInj03.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-06 22:50 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Jackie\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-06 22:50 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-06 22:49 . 2009-11-06 22:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-06 22:48 . 2009-11-06 22:48 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-06 22:48 . 2009-11-06 22:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-11-06 22:48 . 2009-11-06 22:48 -------- d-----w- c:\program files\NOS
2009-11-06 22:48 . 2009-09-23 22:37 34112 ----a-w- c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-06 22:48 . 2009-09-23 22:37 32448 ----a-w- c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-06 22:48 . 2009-09-23 22:37 22352 ----a-w- c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-06 22:11 . 2009-11-06 22:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 17:11 . 2009-11-06 17:11 -------- d-----w- c:\documents and settings\Nicole\Application Data\Malwarebytes
2009-11-05 00:40 . 2009-11-05 00:40 -------- d-----w- c:\documents and settings\Jackie\Application Data\Malwarebytes
2009-11-04 23:49 . 2009-11-04 23:49 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-10-31 14:44 . 2009-10-31 14:44 -------- d-----w- c:\windows\.jagex_cache_32
2009-10-24 01:27 . 2009-10-24 01:27 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 01:46 . 2008-09-12 21:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-09 01:46 . 2008-09-12 21:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-09 01:45 . 2005-08-19 03:27 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2009-11-09 01:45 . 2005-08-19 03:27 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2009-11-08 15:08 . 2005-08-09 03:29 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\AVG7
2009-11-08 04:16 . 2008-12-02 01:13 -------- d-----w- c:\program files\Steam
2009-11-07 21:15 . 2005-08-11 17:59 -------- d-----w- c:\program files\EA Games
2009-11-07 21:12 . 2008-08-24 13:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-06 22:50 . 2005-08-14 23:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 22:23 . 2005-08-30 03:23 -------- d-----w- c:\program files\Java
2009-11-05 01:54 . 2008-08-24 13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 00:41 . 2009-11-05 00:41 693760 ----a-w- c:\windows\isRS-000.tmp
2009-10-24 01:27 . 2007-04-07 14:15 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-24 01:27 . 2007-04-06 01:35 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-20 15:43 . 2006-12-07 19:25 105 ----a-w- c:\windows\system32\esafedrv.dat
2009-10-20 15:43 . 2006-12-07 19:17 55 ---h--w- C:\dosldr.bin
2009-10-20 15:43 . 2006-12-07 19:17 55 ----a-w- c:\windows\pcenid.dat
2009-10-17 02:47 . 2007-07-08 21:11 -------- d-----w- c:\program files\Lx_cats
2009-10-13 17:10 . 2005-08-09 03:23 48232 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 02:45 . 2007-04-06 01:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 04:49 . 2009-09-30 04:49 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-25 05:37 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:54 . 2008-08-24 13:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 20:53 . 2008-08-24 13:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-24 20:54 . 2009-03-28 22:33 48232 ----a-w- c:\documents and settings\Nicole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 02:26 . 2005-08-09 03:28 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2009-08-08 19:40 . 2009-08-08 19:40 89600 --sha-w- c:\windows\SYSTEM32\boyesofo.dll
2009-08-06 17:12 . 2009-08-06 17:12 89600 --sha-w- c:\windows\SYSTEM32\juteruno.dll
2009-08-07 05:11 . 2009-08-07 05:11 89600 --sha-w- c:\windows\SYSTEM32\seduvumo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ddhelper"="c:\windows\W815DM.EXE" [2008-03-03 108032]
"LXCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-10-16 106496]
"enuff_temp"="c:\program files\Akrontech\enuff\ENUFF.exe" [2008-08-08 550912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\pg_remove.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]

c:\documents and settings\Jackie\Start Menu\Programs\Startup\MRI_DISABLED
PowerReg Scheduler V3.exe [2007-4-26 225280]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,esubx.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ENXPSVC]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido anti-spyware 4.0 guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxcqcoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Akrontech\\enuff\\enuff.exe"=
"c:\\Program Files\\Akrontech\\enuff\\enuffcfg.exe"=
"c:\\Program Files\\Akrontech\\enuff\\enserv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\CDROMBB\\SomBB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"427:UDP"= 427:UDP:SLP_Port(427)

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [8/24/2008 9:01 AM 28544]
R2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe -service --> c:\windows\system32\lxcqcoms.exe -service [?]
S1 DW;DW; [x]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]
S3 vpusbdrv;vpusbdrv;c:\windows\SYSTEM32\DRIVERS\vpusbdrv.sys [5/8/2006 8:19 PM 11039]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
IE: &Search - ?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: RemindU - [You must be registered and logged in to see this link.] and settings\Jackie\Application Data\Upromise__RemindU\uprot\uproC5.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{e494ba42-13f9-484b-841e-6219f2f35a36} - judewoyu.dll
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-vonetisef - c:\windows\system32\tumaveko.dll
HKLM-Run-remenatosu - mosawawu.dll
SharedTaskScheduler-{7509ff00-626a-4611-a1bb-1a9bd9339833} - c:\windows\system32\vovuzidi.dll
SharedTaskScheduler-{fef1bfbf-b183-4cf9-8ac8-79f95592273b} - c:\windows\system32\tumaveko.dll
SSODL-robuhoyor-{7509ff00-626a-4611-a1bb-1a9bd9339833} - c:\windows\system32\vovuzidi.dll
SSODL-nafobepef-{fef1bfbf-b183-4cf9-8ac8-79f95592273b} - c:\windows\system32\tumaveko.dll
AddRemove-HijackThis - c:\documents and settings\Jackie\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-08 19:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\CVSEXPSS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\SXPESVC.EXE
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxcqcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\HP\DIGITA~1\bin\hpqbam08.exe
c:\progra~1\HP\DIGITA~1\bin\hpqgpc01.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-11-09 19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 01:56

Pre-Run: 86,249,463,808 bytes free
Post-Run: 88,114,397,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9F6E43352078C8DED7940266E220ED83


Re: I.E. opening by itself and then error

Post by Belahzur on 9th November 2009, 8:48 pm

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\SYSTEM32\boyesofo.dll
    c:\windows\SYSTEM32\juteruno.dll
    c:\windows\SYSTEM32\seduvumo.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,"
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: I.E. opening by itself and then error

Post by ltlfroggie on 9th November 2009, 11:32 pm

Okie dokie - so I did that...and now my computer is really not working.

ComboFix did its thing and then rebooted on its own as it said it was going to do. The computer restarts, it gets to the log on screen (we have multiple users), I'm able to log on, but then the screen goes blue. The cursor seems to be stuck in the top left corner and every so often it changes like it is "thinking" but that is it...

help!


Re: I.E. opening by itself and then error

Post by ltlfroggie on 9th November 2009, 11:40 pm

And I'm obviously typing this from another computer. Also, the computer itself is making a weird noise...almost like it is trying too hard.


Re: I.E. opening by itself and then error

Post by Belahzur on 10th November 2009, 5:30 pm

Hello.
Do you have your XP disc?



Re: I.E. opening by itself and then error

Post by ltlfroggie on 10th November 2009, 10:20 pm

I do - just gotta find it ;)


Re: I.E. opening by itself and then error

Post by ltlfroggie on 10th November 2009, 10:23 pm

I found a CD still wrapped in plastic that is Dell and says:

Reinstallation DVD
Microsoft Windows XP Media Center Edition

Is that what I'm looking for?


Re: I.E. opening by itself and then error

Post by Belahzur on 11th November 2009, 12:38 am

Good, just in case we need it.

Can you boot into safe mode rather than normal mode?



Re: I.E. opening by itself and then error

Post by ltlfroggie on 11th November 2009, 1:27 am

I can - but it is just a black screen (and I'm sorry if this double posts, I swear I already wrote this!). It has "safe mode" in each of the corners but it is just a black screen otherwise. When I do ctrl+alt+del the task manager pops up. Nothing "running" and under processes it shows:

taskmgr.exe
svchost.exe
svchost.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
System
System Idle Process SYSTEM

that is all I can do...no start button, nothing.


Re: I.E. opening by itself and then error

Post by ltlfroggie on 13th November 2009, 1:37 am

Bump - thanks.


Re: I.E. opening by itself and then error

Post by Belahzur on 13th November 2009, 1:39 am

Thanks. :)

Looks like explorer may not be loading, it's not on that list. Does the mouse work in safe mode or is it still stuck in the corner?



Re: I.E. opening by itself and then error

Post by ltlfroggie on 13th November 2009, 1:50 am

The mouse works in safe mode


Re: I.E. opening by itself and then error

Post by Belahzur on 13th November 2009, 5:37 pm

Okay, go back into the Task Manager, and go to the Applications tab.

Hit "New Task...", type in explorer and hit the OK button. Does your Desktop load now?



Re: I.E. opening by itself and then error

Post by ltlfroggie on 13th November 2009, 8:22 pm

Yes - the Desktop loaded and ComboFix automatically started again and says it is loading the report. Once it loads the report, what should I do? I don't have a thumb drive, but will the CD burner work in Safe Mode so I can copy the report and bring it over to this computer?


Re: I.E. opening by itself and then error

Post by ltlfroggie on 13th November 2009, 8:35 pm

Ok - I restarted the computer (hope that was OK?) since it seemed to be working good and ComboFix finished running...everything seems to be running again...here is the ComboFix report.

ComboFix 09-11-08.03 - Jackie 11/09/2009 15:53.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.471 [GMT -6:00]
Running from: c:\documents and settings\Jackie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\SYSTEM32\boyesofo.dll"
"c:\windows\SYSTEM32\juteruno.dll"
"c:\windows\SYSTEM32\seduvumo.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\boyesofo.dll
c:\windows\system32\juteruno.dll
c:\windows\SYSTEM32\seduvumo.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-09 18:15 . 2009-11-09 20:45 -------- d-----w- C:\$AVG8.VAULT$
2009-11-09 14:11 . 2009-11-09 02:09 2064152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
2009-11-09 14:11 . 2009-11-09 02:09 3510552 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgui.exe
2009-11-09 14:11 . 2009-11-09 02:09 2025752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgtray.exe
2009-11-09 02:09 . 2009-11-09 02:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 02:09 . 2009-11-09 02:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 02:09 . 2009-11-09 02:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 02:09 . 2009-11-09 14:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-09 02:09 . 2009-11-09 02:09 -------- d-----w- c:\program files\AVG
2009-11-09 02:09 . 2009-11-09 02:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-11-09 01:44 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-09 01:44 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-06 22:50 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Jackie\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-06 22:50 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-11-06 22:49 . 2009-11-06 22:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-06 22:48 . 2009-11-06 22:48 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-06 22:48 . 2009-11-06 22:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-11-06 22:48 . 2009-11-06 22:48 -------- d-----w- c:\program files\NOS
2009-11-06 22:48 . 2009-09-23 22:37 34112 ----a-w- c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-06 22:48 . 2009-09-23 22:37 32448 ----a-w- c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-06 22:48 . 2009-09-23 22:37 22352 ----a-w- c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-06 22:11 . 2009-11-06 22:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-06 17:11 . 2009-11-06 17:11 -------- d-----w- c:\documents and settings\Nicole\Application Data\Malwarebytes
2009-11-05 00:40 . 2009-11-05 00:40 -------- d-----w- c:\documents and settings\Jackie\Application Data\Malwarebytes
2009-11-04 23:49 . 2009-11-04 23:49 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-10-31 14:44 . 2009-10-31 14:44 -------- d-----w- c:\windows\.jagex_cache_32
2009-10-24 01:27 . 2009-10-24 01:27 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 01:48 . 2008-09-12 21:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-09 23:26 . 2008-09-12 21:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-09 23:15 . 2005-08-19 03:27 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2009-11-09 23:15 . 2005-08-19 03:27 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
2009-11-09 20:35 . 2006-11-09 23:05 -------- d-----w- c:\program files\Upromise__RemindU
2009-11-09 02:09 . 2006-11-16 00:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-08 04:16 . 2008-12-02 01:13 -------- d-----w- c:\program files\Steam
2009-11-07 21:15 . 2005-08-11 17:59 -------- d-----w- c:\program files\EA Games
2009-11-07 21:12 . 2008-08-24 13:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-06 22:50 . 2005-08-14 23:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 22:23 . 2005-08-30 03:23 -------- d-----w- c:\program files\Java
2009-11-05 01:54 . 2008-08-24 13:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 00:41 . 2009-11-05 00:41 693760 ----a-w- c:\windows\isRS-000.tmp
2009-10-24 01:27 . 2007-04-07 14:15 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-24 01:27 . 2007-04-06 01:35 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-20 15:43 . 2006-12-07 19:25 105 ----a-w- c:\windows\system32\esafedrv.dat
2009-10-20 15:43 . 2006-12-07 19:17 55 ---h--w- C:\dosldr.bin
2009-10-20 15:43 . 2006-12-07 19:17 55 ----a-w- c:\windows\pcenid.dat
2009-10-17 02:47 . 2007-07-08 21:11 -------- d-----w- c:\program files\Lx_cats
2009-10-13 17:10 . 2005-08-09 03:23 48232 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 02:45 . 2007-04-06 01:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 04:49 . 2009-09-30 04:49 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-25 05:37 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:54 . 2008-08-24 13:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 20:53 . 2008-08-24 13:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-24 20:54 . 2009-03-28 22:33 48232 ----a-w- c:\documents and settings\Nicole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 02:26 . 2005-08-09 03:28 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-09 23:27 . 2009-11-09 23:27 16384 c:\windows\Temp\Perflib_Perfdata_518.dat
+ 2009-11-09 23:16 . 2009-11-09 23:16 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
+ 2005-08-09 14:05 . 2008-07-08 13:02 17272 c:\windows\SYSTEM32\spmsg.dll
- 2005-08-09 14:05 . 2009-05-26 11:40 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2009-11-09 02:09 . 2009-11-09 02:09 337408 c:\windows\Installer\14fafc.msi
- 2004-08-04 12:00 . 2009-09-25 05:37 3070976 c:\windows\SYSTEM32\mshtml.dll
+ 2004-08-04 12:00 . 2009-10-19 23:53 3070976 c:\windows\SYSTEM32\mshtml.dll
+ 2009-02-20 08:11 . 2009-10-19 23:53 3070976 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2009-02-20 08:11 . 2009-09-25 05:37 3070976 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2009-11-09 01:50 . 2009-11-09 01:50 19210240 c:\windows\Installer\45abf.msp
+ 2009-11-09 09:00 . 2009-11-09 09:00 19210240 c:\windows\Installer\1764d1b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ddhelper"="c:\windows\W815DM.EXE" [2008-03-03 108032]
"LXCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-10-16 106496]
"enuff_temp"="c:\program files\Akrontech\enuff\ENUFF.exe" [2008-08-08 550912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\pg_remove.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-06 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-09 2028312]

c:\documents and settings\Jackie\Start Menu\Programs\Startup\MRI_DISABLED
PowerReg Scheduler V3.exe [2007-4-26 225280]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-09 02:09 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ENXPSVC]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido anti-spyware 4.0 guard"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxcqcoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Akrontech\\enuff\\enuff.exe"=
"c:\\Program Files\\Akrontech\\enuff\\enuffcfg.exe"=
"c:\\Program Files\\Akrontech\\enuff\\enserv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\CDROMBB\\SomBB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"427:UDP"= 427:UDP:SLP_Port(427)

S0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [8/24/2008 9:01 AM 28544]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [11/8/2009 8:09 PM 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [11/8/2009 8:09 PM 108552]
S1 DW;DW; [x]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/8/2009 8:09 PM 297752]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe -service --> c:\windows\system32\lxcqcoms.exe -service [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 6:00 AM 14336]
S3 vpusbdrv;vpusbdrv;c:\windows\SYSTEM32\DRIVERS\vpusbdrv.sys [5/8/2006 8:19 PM 11039]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
IE: &Search - ?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: RemindU - [You must be registered and logged in to see this link.] and settings\Jackie\Application Data\Upromise__RemindU\uprot\uproC5.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Jackie\Application Data\Mozilla\Firefox\Profiles\irbvipgg.Jackie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-unupro5 - c:\program files\Upromise__RemindU\UpromiseRemindUv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-13 14:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\MI-SC4.acm
.
Completion time: 2009-11-13 14:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-13 20:27
ComboFix2.txt 2009-11-09 01:57

Pre-Run: 87,884,075,008 bytes free
Post-Run: 87,928,270,848 bytes free

- - End Of File - - 47212F4654B2DB6C0A31AAEBA24C425A


Re: I.E. opening by itself and then error

Post by Belahzur on 13th November 2009, 10:49 pm

Please post a new Hijack This log now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: I.E. opening by itself and then error

Post by ltlfroggie on 19th November 2009, 10:52 pm

Sorry - got so excited with it working "normal" that I forgot to post this!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:22 PM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CVSEXPSS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SXPESVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\W815DM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Akrontech\enuff\ENUFF.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqbam08.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqgpc01.exe
C:\Documents and Settings\Jackie\Desktop\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esubx.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ddhelper] "C:\WINDOWS\W815DM.EXE"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [enuff_temp] C:\Program Files\Akrontech\enuff\ENUFF.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\pg_remove.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MRI_DISABLED
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: RemindU - [You must be registered and logged in to see this link.] and Settings\Jackie\Application Data\Upromise__RemindU\uprot\uproC5.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - [You must be registered and logged in to see this link.] and Settings\Jackie\Application Data\Upromise__RemindU\uprot\uproC5.htm (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ENUFF XP Service (ENXPSVC) - Akrontech - C:\WINDOWS\system32\CVSEXPSS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 9806 bytes


Re: I.E. opening by itself and then error

Post by Belahzur on 20th November 2009, 12:06 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esubx.exe,
    O4 - Startup: MRI_DISABLED
    O8 - Extra context menu item: &Search - ?p=ZJfox000


  • Press "Fix Checked"
  • Close Hijack This.

How is the machine now?


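The three entries selected in the reply above can also be picked out of a HijackThis log programmatically. The sketch below is an added example, not part of the original post and not HijackThis's own logic; the function names are hypothetical, and the O4 and O8 rules are heuristics assumed here to mirror the lines that were chosen.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,esubx.exe,
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MRI_DISABLED
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Stock Windows XP Userinit program, compared case-insensitively.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def extra_userinit_entries(value):
    """Return programs in a Userinit value other than the stock userinit.exe."""
    # Winlogon starts every comma-separated program in this value at logon.
    parts = [p.strip().strip('"') for p in value.split(",")]
    return [p for p in parts if p and p.lower() != EXPECTED_USERINIT]


def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "F2" and "userinit=" in body.lower():
            extras = extra_userinit_entries(body.split("=", 1)[1])
            if extras:
                findings.append((line, "extra Userinit program: " + ", ".join(extras)))
        elif code == "O4" and body.startswith(("Startup:", "Global Startup:")):
            if " = " not in body:  # assumed heuristic: startup item with no target
                findings.append((line, "startup item with no target"))
        elif code == "O8":
            target = body.rsplit(" - ", 1)[-1]
            # Assumed heuristic: a usable target starts with a scheme, drive or UNC prefix.
            if not re.match(r"^([a-z][a-z0-9+.-]*:|\\\\)", target, re.I):
                findings.append((line, "context menu target is not a path or URL"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

A flagged line is a prompt for review, not a verdict; the decision to fix an entry still rests with whoever is reading the whole log.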

Re: I.E. opening by itself and then error

Post by ltlfroggie on 22nd November 2009, 11:52 pm

Seems to be working just fine - thank you so much!
