IE7 slow running [RESOLVED]



#1
michaeldemp

Hello kind helpers. My version of IE7 has started taking around 2 minutes to start up. Not long ago, it took seconds. I should really appreciate some advice. The log file is posted below.

Thank you

Mike

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:16:18, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\InitialServ.dll
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Program Files\FirstClass\Fcc32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.2/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft Update] wserv32.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EMCKEYBOARD] C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wserv32.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] wserv32.exe
O4 - HKCU\..\Run: [c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wserv32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memeo Launcher.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Homepage Protector - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.crownbar.com/LNetCam.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124285578718
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.fringef...emote/msrdp.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewiz.../popblocker.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} -
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} -
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab53083.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/...an.cab36900.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System ID Service (System) - Unknown owner - C:\WINDOWS\System32\InitialServ.dll

--
End of file - 12739 bytes


#2
sage5

Hi michaeldemp,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
  • ComboFix
  • Malwarebytes' Anti-Malware from Here or Here


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O2 - BHO: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - (no file)
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Microsoft Update] wserv32.exe
O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wserv32.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKCU\..\Run: [Microsoft Update] wserv32.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12A16ADC7} -
O16 - DPF: {92F02779-6D88-4958-8AD3-83C12D86ADC7} -
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/...an.cab36900.cab

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Log file will be C:\Combofix.txt

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1.

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.
Also send me the text from C:\Combofix.txt


Cheers,

sage5

Edited by sage5, 08 April 2008 - 06:26 AM.


#3
michaeldemp

Hello Sage 5. Thank you so much for your attention. I have done exactly what you suggested down to your reference to a firewall. According to my Kaspersky front page, the Kaspersky firewall is running. Is that not sufficient? Incidentally, I also did a Kaspersky virus check and that was negative.

The HijackThis and Combofix logs are posted below.

Mike
________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:16, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\InitialServ.dll
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.2/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EMCKEYBOARD] C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wserv32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memeo Launcher.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Homepage Protector - {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://www.crownbar.com/LNetCam.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124285578718
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.fringef...emote/msrdp.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.fizzlewiz.../popblocker.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab53083.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System ID Service (System) - Unknown owner - C:\WINDOWS\System32\InitialServ.dll

--
End of file - 11408 bytes
________________________________________________________________________________

Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 211387
Time elapsed: 57 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
sage5

Hi michaeldemp,

Can you send me the ComboFix log?
It will be at C:\combofix.txt

#5
michaeldemp

Hi. Sorry, I thought that combofix was the same as the Malwarebyte program. Below is the Combofix log.

Mike

________________________________________________________________________________

ComboFix 08-04-09.9 - Michael Dempsey 2008-04-10 14:05:48.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.430 [GMT 1:00]
Running from: C:\Program Files\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\inita.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSTEM
-------\Service_System


((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-10 14:01 . 2008-04-10 14:01 1,671,341 --a------ C:\Program Files\ComboFix.exe
2008-04-09 11:36 . 2008-04-09 11:36 3,389,712 --a------ C:\Program Files\rfasetup.exe
2008-04-08 14:16 . 2008-04-08 14:16 <DIR> d-------- C:\Documents and Settings\Michael Dempsey\Application Data\Malwarebytes
2008-04-08 14:15 . 2008-04-08 14:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 14:15 . 2008-04-08 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 13:50 . 2008-04-08 13:51 1,596,094 --a------ C:\Program Files\mbam-setup.exe
2008-04-08 09:16 . 2008-04-08 09:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-08 09:15 . 2008-04-08 09:15 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-04-08 08:48 . 2008-04-08 08:48 1,308,216 --a------ C:\Program Files\HiJackThis_v2.exe
2008-04-07 14:32 . 2008-04-07 14:32 <DIR> d-------- C:\Documents and Settings\Michael Dempsey\Application Data\Tanagra
2008-04-07 14:31 . 2008-04-07 14:31 <DIR> d-------- C:\Program Files\Tanagra
2008-04-07 14:31 . 2008-04-07 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tanagra
2008-04-07 14:29 . 2008-04-07 14:29 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-02 12:40 . 2008-04-02 12:40 <DIR> d-------- C:\Program Files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 13:14 524,288 ----a-w C:\WINDOWS\system32\drivers\CnxE2FS.bin
2008-04-10 13:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-10 13:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-10 13:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-10 13:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 07:50 12,839 ----a-w C:\Program Files\hijackthis.log
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 11:45 --------- d-----w C:\Program Files\iTunes
2008-03-05 11:45 --------- d-----w C:\Program Files\iPod
2008-03-05 11:42 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 20:59 --------- d-----w C:\Documents and Settings\The Boys\Application Data\X10 Commander
2008-02-16 09:30 --------- d-----w C:\Documents and Settings\The Boys\Application Data\Apple Computer
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 16:49 12,444,592 ----a-w C:\Program Files\spamfighter_550.exe
2007-06-10 12:04 23,733,400 ----a-w C:\Program Files\kav6.0.2.678_winwksen.exe
2006-11-30 14:24 36,808,256 ----a-w C:\Program Files\iTunesSetup.exe
2006-09-30 16:48 13,714,856 ----a-w C:\Program Files\zlsSetup_65_737_000_en.exe
2006-08-04 09:42 1,681,072 ----a-w C:\Program Files\KODAK EASYSHARE Gallery Upload Software, V2.0.exe
2006-07-04 09:37 1,530,640 ----a-w C:\Program Files\Hello651.exe
2006-06-25 07:35 13,707,688 ----a-w C:\Program Files\zlsSetup_65_722_000_en.exe
2006-04-07 08:28 10,523,240 ----a-w C:\Program Files\zlsSetup_61_744_001_en.exe
2006-04-04 15:52 3,369,204 ----a-w C:\Program Files\FileHandler.zip
2006-01-13 13:33 11,817,800 ----a-w C:\Program Files\GoogleEarth.exe
2005-12-16 11:48 3,782,705 ----a-w C:\Program Files\wace26i.exe
2005-12-14 08:51 6,104,166 ----a-w C:\Program Files\FirstClass-web.exe
2005-11-28 09:45 10,537,576 ----a-w C:\Program Files\zlsSetup_61_737_000_en.exe
2004-06-17 12:25 4,960,732 ----a-w C:\Program Files\FirefoxSetup-0.9.exe
2004-06-16 09:08 477,888 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Back Me Up!]
@=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2003-09-02 06:46 106574]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 19:57 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-14 23:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-05 09:55 393728]
"IW ControlCenter"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56 836096]
"rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-12-04 20:45 916800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-03-05 18:53 206456]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2006-11-15 17:02 473600]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"EMCKEYBOARD"="C:\Program Files\EMC\Keyboard Application\1.2\EMCKBAPP.exe" [2005-12-09 14:28 376320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"Microsoft Update"="wserv32.exe" []

C:\Documents and Settings\The Boys\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Wendy Dempsey\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Roger Irish\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Michael Dempsey\Start Menu\Programs\Startup\
Memeo Launcher.lnk - C:\Documents and Settings\Michael Dempsey\Application Data\Microsoft\Installer\{78A39E62-605C-4E8E-9674-31E03BEC29B7}\_8F1B0A23F0AC40B99A091F7F3D92B106.exe [2008-04-07 14:32:05 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Dempsey^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2003-08-12 13:50 188416 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-09-12 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
--a------ 2006-03-23 13:41 991232 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SupaDial]
--a------ 2003-08-26 16:40 286720 C:\Program Files\SupaDial\SupaDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-06-16 09:49 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 vobcom;vobcom;C:\WINDOWS\system32\drivers\vobcom.sys [2001-10-04 11:53]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2003-04-10 12:12]
R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2003-08-06 13:37]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2002-12-13 18:33]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-02-02 12:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 11:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 14:15:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"="c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\FXSSVC.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\WINDOWS\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Completion time: 2008-04-10 14:19:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 13:18:46
Pre-Run: 167,365,836,800 bytes free
Post-Run: 167,286,800,384 bytes free
.
2008-04-09 14:23:47 --- E O F ---
  • 0

#6
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi michaeldemp,

The infection(s) on your PC are types that can disable various anti-virus & firewall applications.

Please download the following & save to your Desktop:
OTMoveIt2 by OldTimer.
OTScanIt.exe


Create an Uninstall list:
  • Open HijackThis, click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list.
This generates uninstall_list.txt in the same folder as HijackThis. I will need you to paste the text from this file into a post later.


Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\System32\Wnetlogin.exe
    C:\Windows\System32\Cool.exe
    C:\Windows\System32\Netapi32.exe
    C:\Windows\System32\wnetmgr.exe
    C:\Windows\System32\navinst.exe
    C:\Windows\System32\syslog32.exe
    C:\Windows\System32\wserv32.exe
    C:\Windows\System32\svxhost.exe
    C:\Program Files\spamfighter_550.exe
    C:\Program Files\Hello651.exe
    C:\Program Files\FirstClass-web.exe
    C:\Program Files\wace26i.exe
    C:\Program Files\FirstClass-web.exe
  • Return to OTMoveIt, right click on the "Paste list of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Install OTScanIt:
  • Double-click on OTScanIt.exe to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Make sure that the Non Microsoft option is clicked in the following Headings:
    • Processes
    • Services
    • Drivers
    • Registry
  • Click Yes under Rootkit scan
  • Make sure that you tick these in the Additional Scans box
    • Reg - BotCheck
    • Reg - Security Settings
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning large amounts of data so depending on your system it could take a while to complete.
  • When the scan is done Notepad will open with the report file loaded in it.
  • Save the file in the new OTScanIt folder as Scan1.txt
If the log is too large to post, use the Reply button, scroll down to the Attachments section and attach the Notepad file here.

Please post me the text from the uninstall_list.txt & the OTMoveIt run as well, C:\otmove.txt
  • 0
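Added example, not part of the thread and not output of any tool named in it: a triage pass over the ComboFix "Reg Loading Points" section posted earlier. It flags Run values whose target has an empty `[]` metadata block (assumed here to mean ComboFix found no file for the target) and the Security Center and firewall values that show protection switched off. The sample lines are copied from that log; the function names and the check table are this example's own.

```python
import re

# Lines copied (shortened) from the ComboFix "Reg Loading Points" section
# posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-14 23:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"rfagent"="C:\Program Files\RFA\rfagent.exe" [2007-12-04 20:45 916800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"Microsoft Update"="wserv32.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
# "name"="target" [date time size]; the bracket block is empty when
# no file metadata was recorded for the target (assumption, see lead-in).
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')
RUN_SUFFIX = r'\currentversion\run'

# (key pattern, value name, flagged value, meaning). Keys are lower-cased.
# Findings are leads for review: a security suite that ships its own
# firewall can set the same values.
SETTING_CHECKS = [
    (re.compile(r'\\security center$'), 'antivirusoverride', 1,
     'Security Center antivirus status check overridden'),
    (re.compile(r'\\security center\\monitoring\\[^\\]+$'), 'disablemonitoring', 1,
     'Security Center monitoring disabled for this product'),
    (re.compile(r'\\firewallpolicy\\standardprofile$'), 'enablefirewall', 0,
     'Windows Firewall disabled in the standard profile'),
]


def parse_number(data):
    """Read 'dword:00000001' or '0 (0x0)' as an int; None if neither form."""
    data = data.strip()
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    m = re.match(r'(\d+)\b', data)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return (kind, key, value name, detail) tuples for entries to review."""
    findings = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # a new registry key header
            key = m.group(1).lower()
            continue
        if key.endswith(RUN_SUFFIX):
            m = RUN_RE.match(line)
            if m and not m.group(3).strip():
                findings.append(('run-target-unresolved', key,
                                 m.group(1), m.group(2)))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, number = m.group(1).lower(), parse_number(m.group(2))
        for key_re, want, flagged, meaning in SETTING_CHECKS:
            if name == want and number == flagged and key_re.search(key):
                findings.append(('protection-setting', key, m.group(1), meaning))
    return findings


if __name__ == '__main__':
    for kind, key, name, detail in triage(SAMPLE_LOG):
        print(f'{kind:24} {name:20} {detail}\n{"":24} under {key}')
```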

#7
michaeldemp

  • Topic Starter
  • Member
  • 20 posts
Thanks Sage. I will have to be wide awake to do all this and I am just going out to a party. So I'll attend to it as soon as I feel I can concentrate.

Many thanks for all your attention.

Mike
  • 0

#8
michaeldemp

  • Topic Starter
  • Member
  • 20 posts
I am so sorry I haven't yet been able to give your advice the attention it deserves, Sage. I teach in HE and I have been marking all week; now I am working over the weekend. I will attend to the issue as soon as I can next week.

Mike
  • 0

#9
michaeldemp

  • Topic Starter
  • Member
  • 20 posts
Hi. Better late than never! I attach the OT scan file, as requested. Below are the OT Move It run and the Hijack This Uninstall log. I do hope this is what you wanted.

Mike

File/Folder C:\Windows\System32\Wnetlogin.exe not found.
File/Folder C:\Windows\System32\Cool.exe not found.
File/Folder C:\Windows\System32\Netapi32.exe not found.
File/Folder C:\Windows\System32\wnetmgr.exe not found.
File/Folder C:\Windows\System32\navinst.exe not found.
File/Folder C:\Windows\System32\syslog32.exe not found.
File/Folder C:\Windows\System32\wserv32.exe not found.
File/Folder C:\Windows\System32\svxhost.exe not found.
C:\Program Files\spamfighter_550.exe moved successfully.
C:\Program Files\Hello651.exe moved successfully.
C:\Program Files\FirstClass-web.exe moved successfully.
File/Folder C:\Program Files\wace261.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04252008_161250

______________________________________________________________________

Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI DVD Decoder 2.2.0.0
ATI Multimedia Center 8.6.0.0
ATI Remote Wonder 2.0
B630-4
Binatone ADSL500 USB Modem Network Adapter
BUM
Canon MP Navigator 2.2
Canon MP530
Canon Utilities Easy-PhotoPrint
CD-LabelPrint
Compatibility Pack for the 2007 Office system
Dan Elwell's Broadband Speed Test
DAO
Dazzle Software
DivX Decoder Filter
Dorling Kindersley Application Database v1.4
Dragon NaturallySpeaking Components
Easy-WebPrint
FirstClass® Client
Flickr Uploadr 3.0.5
getPlus®_ocx
Google Earth
Google Toolbar for Internet Explorer
Hello (remove only)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HydraVision
Info-ZIP WiZ
iTunes
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Kaspersky Anti-Virus 6.0 for Windows Workstations
Kaspersky Anti-Virus 6.0 for Windows Workstations
Keyboard Application 1.2
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MGI PhotoSuite SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero - Burning Rom
OmniPage SE 2.0
OnDVD
OU eTMA File Handler
OU eTMA File Handler (C:\Program Files\OUeTMAFileHandler\)
OU eTMA File Handler (C:\Program Files\OUeTMAFileHandler\) #3
OU eTMA File Handler (C:\Program Files\OUeTMAFileHandler\) #4
OU eTMA Monitor File Handler
OU eTMA Monitor File Handler (C:\Program Files\OUeTMAMonitorFileHandler\)
Pinnacle InstantCD/DVD Suite
PowerDVD
Presto! PageManager 7.15.11
QSR NVivo 2.0
QuickTime
Reader Drivers and Utilities
RealPlayer
Realtek AC'97 Audio
Registry First Aid
Route Planner 1.2
Safari
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Spybot - Search & Destroy 1.3
SupaDial
Update for Office 2007 (KB932080)
Update for Office 2007 (KB946691)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
V92 PCI Voice Faxmodem
VIA Rhine-Family Fast Ethernet Adapter
Webcast
WebUpdate
WinAce Archiver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Yahoo! Companion

  • 0
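Added example, not part of the thread and not an OTMoveIt2 feature: a reconciliation of the path list requested in the OTMoveIt2 step against the result lines posted back, so that every requested path ends up with exactly one outcome. The two sample blocks are a subset copied from the posts above; the function names and the report categories are this example's own.

```python
import re

# Subset of the path list from the OTMoveIt2 step in this thread.
REQUESTED = r'''
C:\Windows\System32\wserv32.exe
C:\Windows\System32\svxhost.exe
C:\Program Files\spamfighter_550.exe
C:\Program Files\Hello651.exe
C:\Program Files\FirstClass-web.exe
C:\Program Files\wace26i.exe
C:\Program Files\FirstClass-web.exe
'''

# Matching subset of the result lines posted back in this thread.
RESULTS = r'''
File/Folder C:\Windows\System32\wserv32.exe not found.
File/Folder C:\Windows\System32\svxhost.exe not found.
C:\Program Files\spamfighter_550.exe moved successfully.
C:\Program Files\Hello651.exe moved successfully.
C:\Program Files\FirstClass-web.exe moved successfully.
File/Folder C:\Program Files\wace261.exe not found.
'''

NOT_FOUND_RE = re.compile(r'^File/Folder (.+) not found\.$')
MOVED_RE = re.compile(r'^(.+) moved successfully\.$')


def norm(path):
    """Windows paths compare case-insensitively."""
    return path.strip().lower()


def parse_results(text):
    """Map normalised path -> (status, path as written in the log)."""
    outcomes = {}
    for line in text.splitlines():
        line = line.strip()
        for status, rx in (('not found', NOT_FOUND_RE), ('moved', MOVED_RE)):
            m = rx.match(line)
            if m:
                outcomes[norm(m.group(1))] = (status, m.group(1))
                break
    return outcomes


def reconcile(requested_text, results_text):
    """Classify every requested path and every result line."""
    outcomes = parse_results(results_text)
    report = {'moved': [], 'not found': [], 'no result': [],
              'duplicate request': [], 'unrequested result': []}
    seen = set()
    for line in requested_text.splitlines():
        path = line.strip()
        if not path:
            continue
        key = norm(path)
        if key in seen:             # same path pasted twice
            report['duplicate request'].append(path)
            continue
        seen.add(key)
        status = outcomes.get(key, ('no result', path))[0]
        report[status].append(path)
    # Result lines that name a path nobody asked for (e.g. a mistyped name).
    report['unrequested result'] = [written for key, (_, written)
                                    in outcomes.items() if key not in seen]
    return report


if __name__ == '__main__':
    for status, paths in reconcile(REQUESTED, RESULTS).items():
        for p in paths:
            print(f'{status:20} {p}')
```

A "not found" result only says that no file existed at that path when the tool ran; it does not show that a Run value naming the same file, such as the "Microsoft Update" entry in the ComboFix log, has been removed.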

#10
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi michaeldemp,


Run the Fix:
  • Open the OTScanIT folder on the Desktop
  • Run OTScanIt.exe.
  • Copy all the text in the Code box below, and Paste it into the pane under the GREEN bar, titled Paste fix here and then click the green Run Fix button.


    [Unregister Dlls]
    [Win32 Services - Non-Microsoft Only]
    YN -> (nwclnta) Network Client [Win32_Own | Auto | Stopped] -> 
    YN -> (x10nets) X10 Device Network Service [Win32_Own | On_Demand | Stopped] -> 
    [Driver Services - Non-Microsoft Only]
    YN -> (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\MICHAE~1\LOCALS~1\Temp\catchme.sys
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> SPAMfighter Agent -> %ProgramFiles%\SPAMfighter\SFAgent.exe ["C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60]
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
    YN -> HKEY_CURRENT_USER\: Main\\Start Page -> http://192.168.1.2/
    < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9}:{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Homepage Protector]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} [HKEY_LOCAL_MACHINE] -> [Homepage Protector]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    YN -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.]
    YN -> {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC}[HKEY_LOCAL_MACHINE] -> http://www.fizzlewizzle.com/installfiles/popblocker.cab[Reg Error: Key does not exist or could not be opened.]
    YN -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38176.3219675926[Reg Error: Key does not exist or could not be opened.]
    < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg\ -> 
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg\\.Owner -> {9B03C5F1-F5AB-47EE-937D-A8EDA626F876}
    YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg\\{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} -> 
    [Registry - Additional Scans - Non-Microsoft Only]
    < Security Settings > -> 
    NY -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll]
    [Files/Folders - Created Within 30 days]
    NY -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Files/Folders - Modified Within 30 days]
    NY -> jvpmdkka.exe -> C:\Documents and Settings\Michael Dempsey\Local Settings\Temp\jvpmdkka.exe
    NY -> 3 C:\Documents and Settings\Michael Dempsey\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Michael Dempsey\Local Settings\Temp\*.tmp
    [Extra Files]
    Purity
    [Empty Temp Folders]

  • The fix should only take a very short time.
  • When the fix is done, click the OK button in the message box.
  • Notepad will open with a log of actions taken during the fix.
    This file is saved in the Moved Files folder and is named in date_time format (mmddyyyy_hhmmss.log format, so e.g. 04012008_082852.log)
  • I need you to Post the text from that file back here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#11
michaeldemp

  • Topic Starter
  • Member
  • 20 posts
Hello Sage. Thanks again. Below is the text from the OTScanIt process. IE still takes a minute and a half to open but there are no other obvious problems.

Mike
_______________________________________________________________________________________

[Win32 Services - Non-Microsoft Only]
Service nwclnta stopped successfully.
Service x10nets stopped successfully.
[Driver Services - Non-Microsoft Only]
Service catchme stopped successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SPAMfighter Agent deleted successfully.
C:\Program Files\SPAMfighter\SFAgent.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\Contains\Files\ not found.
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC}\Contains\Files\ not found.
C:\WINDOWS\Downloaded Program Files\searchbar.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpyWareKillerBKGD.jpg not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wuauserv.dll
C:\WINDOWS\system32\wuauserv.dll NOT unregistered.
C:\WINDOWS\system32\wuauserv.dll moved successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 days]
C:\Documents and Settings\Michael Dempsey\Local Settings\Temp\jvpmdkka.exe moved successfully.
File delete failed. C:\Documents and Settings\Michael Dempsey\Local Settings\Temp\~DFD18C.tmp scheduled to be deleted on reboot.
[Extra Files]
< Purity >
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Michael Dempsey\Local Settings\Temp\~DFD18C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Michael Dempsey\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.11.5 fix logfile created on 04282008_142657

Files moved on Reboot...
C:\Documents and Settings\Michael Dempsey\Local Settings\Temp\~DFD18C.tmp moved successfully.
C:\Documents and Settings\Michael Dempsey\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
  • 0

#12
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi michaeldemp,


Try the following, I have used it with some success recently:

1. Go to Add/Remove Programs & uninstall IE7

2. System File Checker:
  • Go to Start > Run and type sfc /scannow (Note the space between the c & the /)
  • /scannow starts the System File Checker immediately.
  • You will probably need your Windows XP CD to be handy as it may be required.
    If you have Service Pack 2 installed, you will need the SP2 version of the CD. This can be done with a borrowed CD, if you don't have one.
  • Allow the scan to run and when complete reboot the system

3. After reboot re-install IE7 using the Windows Update feature. Available from Start > Help & Support > Pick a Task

Let me know how you get on.
  • 0

#13
michaeldemp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks a lot for this. I don't have a CD of XP with service pack 2. I have asked a friend if she can lend me one.

Will this involve a system restore, involving my having to re-install everything else? Anxious to avoid that if poss!

I must say that all the other oddities that had been bothering me about the computer recently have disappeared so thanks for that. It's just IE that won't play ball.

Mike
  • 0

#14
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts

Will this involve a system restore, involving my having to re-install everything else? Anxious to avoid that if poss!



No, the System File Checker will only restore any system files that have been corrupted by the infection. So no mass reinstall will be necessary.

Also, you are not going to need to reactivate WinXP, nor are you going to interfere with your friend's existing WinXP licence.

Cheers,

sage5
  • 0

#15
michaeldemp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi. I can get a CD of XP with SP1, plus a separate CD of SP2. Will that be OK?

Mike
  • 0





