[des1o]

Hello geekstogo,

I'm having trouble with my Internet Explorer. I had to reformat my harddrive because it was so infected that there was no way to get rid of it all. I mean, there was, but I didn't have the know how to do it.

The first trouble I had was squares across and some symbols along the page name at the top where it says "Internet Explorer" in blue in the new XP view of the OS. I ran Adaware and AVG AntiSpyware and it got rid of that.

So I try to use it about 9 months after that and no luck. I used the network diagnositics tool on the page for IE 7. But then I realized that it just checks for Internet Connectivity.

Is there a program or hijacker that could block my access to IE or change the advanced settings to where it wouldn't work for me? If anybody knows, I'd like to be able to use IE again because some sites require it.

From the default page in IE, when I couldn't get it to work, I went to "view source" under tools, and it looked like C++ code and it had "dnserror" written into it.? When I open IE, it flashes an address at the bottom that says dnserror in it. Could that be it?

I have posted a HJT log before, and i tried everything thats in the prescans but safemode AVG. But nothing works. Please help.

Thanks, and have a good day.

-des1o

Attached Files

•  firstscan.txt   6.69KB   174 downloads

Edited by des1o, 29 September 2007 - 12:07 PM.

[Advertisements]

Hi, des1o

Welcome to Geeks to go.

Go to the Add/Remove Programs Options n the Control Panel and remove Windows Internet Explorer 7.0. That should revet IE back to version 6.0. Test the browser after a restart. If it works, go back and reinstall IE 7.0

Keep us posted.

[JSntgRvr]

Hi, des1o

Welcome to Geeks to go.

Go to the Add/Remove Programs Options n the Control Panel and remove Windows Internet Explorer 7.0. That should revet IE back to version 6.0. Test the browser after a restart. If it works, go back and reinstall IE 7.0

Keep us posted.

[des1o]

I uninstalled IE 7 and did a restart. My spybot s&d caught some changes to the registry, should I allow them?
I tested the old IE 6.0. It didn't work. Should I go ahead and download IE 7 again?

Thanks,

JR

[JSntgRvr]

Hi, des1o

I uninstalled IE 7 and did a restart. My spybot s&d caught some changes to the registry, should I allow them?
I tested the old IE 6.0. It didn't work. Should I go ahead and download IE 7 again?

Thanks,

JR

By all means!

• Enter your Control Panel and double-click on Network Connections
• Then right click on your Default Connection
  • Usually Local Area Connection for Cable and DSL, or AOL Connection.
• Left click on Properties
• Double-Click on the Internet Protocol (TCP/IP) item
• Select the radio dial that says Obtain DNS Servers Automatically
• Press OK twice to get out of the properties screen

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:


netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns (The space between g and / is needed)
Exit

Restart the computer.

Lets scan for malware:

Download ComboFix from Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[des1o]

I completed the command prompt instructions, and ran combofix. Here is the log:

ComboFix 07-10-05.3 - Owner 2007-10-04 22:52:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.374 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Desktop\internet.lnk

.
((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-04 22:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-05 20:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-17 11:39 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-17 11:39 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-06 22:05 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-06 22:05 --------- d-------- C:\Program Files\SiS VGA Utilities V3.59b
2007-08-06 21:37 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-06 21:37 --------- d-------- C:\Program Files\Media Audio Capture
2007-08-06 21:28 --------- d-------- C:\Program Files\Dell Wireless
2007-08-06 21:27 --------- d-------- C:\Program Files\Defender Pro
2007-08-06 21:25 --------- d-------- C:\Program Files\Common Files\Merge Modules
2007-08-06 21:25 --------- d-------- C:\Program Files\Common Files\Funk Software
2007-08-06 21:25 --------- d-------- C:\Program Files\Common Files\Defender Pro Firewall
2007-08-06 21:25 --------- d-------- C:\Program Files\Audio Converter
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-09 14:42 737280 --a------ C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 15:41 C:\WINDOWS\AGRSMMSG.exe]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-12 16:22]
"KAVPersonal50"="C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" [2005-10-21 04:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Defender Pro Firewall.lnk - C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe [2005-09-27 05:31:30]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-06-01 09:09:01]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2007-05-31 16:55:19]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-06-05 10:28:27]

R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver;C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 22:54:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 22:56:41
C:\ComboFix-quarantined-files.txt ... 2007-10-04 22:56
.
--- E O F ---

Thanks,

JR

[JSntgRvr]

Hi, des1o

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as CFScript.txt
• Change the Save as Type to All Files
• and Save it on the desktop

File::
C:\WINDOWS\iun6002.exe

Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

Download the enclosed folder: Save and extract its contents to the desktop. It is a folder containing a Batch file . Once extracted, double click on the Batch file and post the resulting report in your next reply.

[des1o]

Here is the information you requested:

ComboFix:

ComboFix 07-10-05.3 - Owner 2007-10-05 10:22:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.390 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\iun6002.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-04 22:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-05 20:51 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-17 11:39 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-17 11:39 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-06 22:05 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-06 22:05 --------- d-------- C:\Program Files\SiS VGA Utilities V3.59b
2007-08-06 21:37 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-06 21:37 --------- d-------- C:\Program Files\Media Audio Capture
2007-08-06 21:28 --------- d-------- C:\Program Files\Dell Wireless
2007-08-06 21:27 --------- d-------- C:\Program Files\Defender Pro
2007-08-06 21:25 --------- d-------- C:\Program Files\Common Files\Merge Modules
2007-08-06 21:25 --------- d-------- C:\Program Files\Common Files\Funk Software
2007-08-06 21:25 --------- d-------- C:\Program Files\Common Files\Defender Pro Firewall
2007-08-06 21:25 --------- d-------- C:\Program Files\Audio Converter
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 15:41 C:\WINDOWS\AGRSMMSG.exe]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-12 16:22]
"KAVPersonal50"="C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" [2005-10-21 04:21]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Defender Pro Firewall.lnk - C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe [2005-09-27 05:31:30]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-06-01 09:09:01]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2007-05-31 16:55:19]
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-06-05 10:28:27]

R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver;C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 10:24:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-05 10:26:49
C:\ComboFix-quarantined-files.txt ... 2007-10-05 10:26
C:\ComboFix2.txt ... 2007-10-04 22:56
.
--- E O F ---


Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:23 AM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180648622609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

And, the batch file:

Fri 10/05/2007 10:35:13.64

"C:\Program Files\Internet Explorer\iexplore.exe" 93184 02/28/2006 07:00 AM
"C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe" 625152 02/28/2007 01:51 AM
"C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe" 625152 04/24/2007 09:20 AM
"C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe" 625152 06/27/2007 04:16 AM
"C:\WINDOWS\Help\iexplore.chm" 204810 02/28/2006 07:00 AM
"C:\WINDOWS\Help\iexplore.hlp" 180335 02/28/2006 07:00 AM
"C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe" 622080 10/17/2006 12:04 PM
"C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe" 625152 04/24/2007 09:26 AM
"C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf" 64648 10/04/2007 10:49 PM
"C:\WINDOWS\system32\dllcache\iexplore.exe" 93184 02/28/2006 07:00 AM

I appreciate it,

-JR

[JSntgRvr]

Hi, des1o

How are you connecting at this poing? I see no bowser running in the processes.

In case we need to reinstall Internet Explorer 6.0, do you have the installation CD?

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Defender Pro Firewall
Defender Pro Anti-Virus
Defender Pro

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Defender Pro

Restart the computer and test.

[des1o]

Hello,

I'm hesitant to delete Defender Pro. I bought a liscense for the product for one year. I've been thinking about F-Secure. Is F-Secure the best? What is the best Firewall out there? I don't like Norton products.

I am running Mozilla Firefox. I don't have the installation CD for internet explorer, can't I just download it?

Please let me know what the best thing to do is if I don't delete Defender Pro. Do you think that DP is causing my problems?

Sorry,

-JR

[JSntgRvr]

Hi, des1o

Hello,

I'm hesitant to delete Defender Pro. I bought a liscense for the product for one year. I've been thinking about F-Secure. Is F-Secure the best? What is the best Firewall out there? I don't like Norton products.

I am running Mozilla Firefox. I don't have the installation CD for internet explorer, can't I just download it?

Please let me know what the best thing to do is if I don't delete Defender Pro. Do you think that DP is causing my problems?

Sorry,

-JR

Lets keep what we have up to now. Do not change Antivirus programs.

I don't see Foxpro in the running processes. Are you able to connect with Firefox? Keep IE6 for the time being. The reason you should remove Defender Pro is to discard the posibility that its firewall is keeping you from connecting to the Internet.

If you have the Windows XP SP2 installation CD, go to Start ->Run, copy and paste the following command and click Ok: (The complete line is the command. Due to lack of space it may look as two lines):

rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\windows\inf\ie.inf

You will be asked for the Iexplore.exe file. Insert the Installation CD and locate the Iexplore.exe in the \i386 folder. That should reinstall IE6 SP2. Restart the computer when done.

To perform a connectivity test. Download the enclosed folder: Save and extract its contents to the desktop. It is a batch file, Test.bat. Once extracted double click on the Test.bat file and post back the report it may produced.

[des1o]

I set Defender Pro Firewall to the "Allow All" setting and My internet explorer worked fine. Should I go ahead and download IE 7? It was my firewall that was kicking me off Internet Explorer. Are there any malware or viruses showing up in the scans?

Thanks,

-JR

[JSntgRvr]

Hi, des1o.

Congratulations.

Antivirus programs play an important role in the protection of your system. Here are some options:

• Free Protection:
  
  • AVG FREE
  • AVIRA
  • AVAST
  • Activevirusshield
• Shareware:
  
  • Node32
• Reccomendation:
  • -> Node32

If the Antivirus does not have a firewall, you can try Comodo.

As a general rule, you can only have one anti-virus running. Same rule applies to firewalls.

Everthing else looks clear.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Create a Restore point:

• Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
• In the System Restore dialog box, click Create a restore point, and then click Next.
• Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

• Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  
• AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  
• SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  
• IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  
• CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  
• Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes!