
IE won't follow link clicked on

Discussion in 'Malware and Virus Removal Archive' started by mrlanceromance, 2008/01/21.

  1. 2008/01/21
    mrlanceromance

    When I google something the results are displayed like normal but when I click on a link I am directed to a different random site. Then I click back and re-click the site I want and it goes like it should, EVERY TIME! I've been putting up with it till now 'cause I can get around it but I can't take it anymore.
    I have always been able to fix my own problems with Ad-Aware or Trend Micro's HouseCall but I have tried both of them as well as AVG Anti-Virus and AVG Anti-Spyware, Spybot Search and Destroy but still have the same problem. I've researched on here and other sites for hours and have come up empty-handed or confused save posting the log from HijackThis, so here it is.
    PLEASE help.

    Lance

    Deckard's System Scanner v20071014.68
    Run by Lance on 2008-01-21 20:25:35
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    8: 2008-01-22 04:26:22 UTC - RP612 - Deckard's System Scanner Restore Point
    7: 2008-01-21 22:51:02 UTC - RP611 - System Checkpoint
    6: 2008-01-20 21:33:25 UTC - RP610 - Installed Ad-Aware 2007
    5: 2008-01-19 18:46:45 UTC - RP609 - System Checkpoint
    4: 2008-01-18 12:45:34 UTC - RP608 - System Checkpoint


    -- First Restore Point --
    1: 2008-01-14 19:12:04 UTC - RP605 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Lance.exe) -----------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-21 20:27:27
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\alg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Lance\Local Settings\Temporary Internet Files\Content.IE5\A3K41TZM\dss[1].exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {722a5f13-7070-483f-9704-a6be364cf62c} - C:\WINDOWS\system32\drmoxy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1911CF7-8945-465E-B458-AA1448501D63}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{E511D5A8-0D3F-4FA3-90A1-D03CAAFB76D8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: drmoxy - C:\WINDOWS\system32\drmoxy.dll (file missing)
    O22 - SharedTaskScheduler: haiduk - {96773c21-1b6b-4db0-8fe8-0c59f3c8a355} - C:\WINDOWS\system32\nieyn.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Print Spooler Service (ueuge1tmy) - Unknown owner - C:\WINDOWS\system32\hpjtlk.exe /service
    O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmzss.exe


    --
    End of file - 9079 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2400>
    R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2400>

    S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
    S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
    S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2400>
    S3 RT73 (D-Link USB Wireless LAN Card Driver) - c:\windows\system32\drivers\dr71wu.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
    S3 usbser (Motorola USB Modem Driver) - c:\windows\system32\drivers\usbser.sys (file missing)
    S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 ueuge1tmy (Print Spooler Service) - c:\windows\system32\hpjtlk.exe /service (file missing)
    S2 Windows Management Service - c:\windows\system32\dmzss.exe -service
    S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Lance's slider!
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Lance's slider!
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-21 03:00:00 298 --a------ C:\WINDOWS\Tasks\AVG Anti-Spyware.job
    2008-01-15 03:02:00 260 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


    -- Files created between 2007-12-21 and 2008-01-21 -----------------------------

    2008-01-21 14:18:23 164 --a------ C:\install.dat
    2008-01-20 14:11:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-20 13:33:31 0 d-------- C:\Program Files\Lavasoft
    2008-01-20 13:33:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-20 13:31:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-21 11:59:38 0 d-------- C:\Documents and Settings\Lance\.housecall6.6
    2007-12-21 11:57:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7


    -- Find3M Report ---------------------------------------------------------------

    2008-01-20 13:31:23 0 d-------- C:\Program Files\Common Files
    2008-01-17 21:43:33 0 d-------- C:\Program Files\PokerStars
    2008-01-13 13:47:06 0 d-------- C:\Program Files\e-Sword
    2008-01-09 17:11:41 2828 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-01-01 18:16:08 0 d-------- C:\Documents and Settings\Lance\Application Data\Adobe
    2007-12-10 21:19:00 0 d-------- C:\Documents and Settings\Lance\Application Data\uTorrent
    2007-12-10 15:46:02 0 d-------- C:\Program Files\UltimateBet
    2007-11-21 19:43:39 2783 --a------ C:\Documents and Settings\Lance\Application Data\NMM-MetaData.db
    2007-10-23 06:46:36 19456 --a------ C:\WINDOWS\system32\151007.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722a5f13-7070-483f-9704-a6be364cf62c}]
    C:\WINDOWS\system32\drmoxy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio "= "cmicnfg.cpl" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 04:46 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nlsf "=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll "
    "nlhr "=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
    "tscuninstall "=%systemroot%\system32\tscupgrd.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoInternetIcon "=0 (0x0)
    "NoLowDiskSpaceChecks "=1 (0x1)
    "NoSMConfigurePrograms "=1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoInternetIcon "=0 (0x0)
    "NoLowDiskSpaceChecks "=1 (0x1)
    "NoSMConfigurePrograms "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{96773c21-1b6b-4db0-8fe8-0c59f3c8a355} "= C:\WINDOWS\system32\nieyn.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System "= "csxzc.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drmoxy]
    drmoxy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "




    -- End of Deckard's System Scanner: finished at 2008-01-21 20:28:22 ------------
     
  2. 2008/01/22
    noahdfear

    Welcome to WindowsBBS Lance :)

    Let's see if we can get things straightened out. Download ComboFix by sUBs from here, saving the file to your desktop.

    It's best to disable real-time protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    **Make sure you Save ComboFix to your desktop. You also need to download Deckard's System Scanner again and Save it to your desktop. It appears you clicked open instead of save and it ran from a temporary folder.
     


  4. 2008/01/23
    mrlanceromance

    noahdfear ROCKS

    Thank you, thank you, thank you. The Combo fix seems to have fixed the problem. It hung the first time and never did post a log or set my time back to the correct format like it said it would but the Internet works properly now.
    I have to ask, why do you help people on here? Short of the thank-yous received from people like me, and it seems like there are lots of them, what gratification is there? Seems like a lot of time spent for free.
    Again, thank you.

    Lance
     
  5. 2008/01/23
    noahdfear

    I'm happy to hear your problems seem to be resolved, however, I suspect there are still some things left to do. A recent update to ComboFix introduced a minor bug, which was most likely the cause of no log being generated for you. It has been updated to fix that bug, so please download a new copy and run it again as described above, then post the requested logs.
     
  6. 2008/01/26
    mrlanceromance

    Combo fix log

    ComboFix 08-01-23.1C - Lance 2008-01-26 10:08:44.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.229 [GMT -8:00]
    Running from: C:\Documents and Settings\Lance\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Lance\Application Data\macromedia\Flash Player\#SharedObjects\Y6LV4JZE\www.broadcaster.com
    C:\Documents and Settings\Lance\Application Data\macromedia\Flash Player\#SharedObjects\Y6LV4JZE\www.broadcaster.com\played_list.sol
    C:\Documents and Settings\Lance\Application Data\macromedia\Flash Player\#SharedObjects\Y6LV4JZE\www.broadcaster.com\video_queue.sol
    C:\Documents and Settings\Lance\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Lance\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\WINDOWS\system32\151007.exe
    C:\WINDOWS\system32\kernel32.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_WINDOWS_MANAGEMENT_SERVICE
    -------\Windows Management Service






    ((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
    .

    2008-01-26 10:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\system32\xircom
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\srchasst
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\Program Files\microsoft frontpage
    2008-01-21 20:25 . 2008-01-21 20:25 <DIR> d-------- C:\Deckard
    2008-01-21 14:18 . 2008-01-21 14:18 164 --a------ C:\install.dat
    2008-01-20 13:33 . 2008-01-20 13:33 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-20 13:31 . 2008-01-20 13:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-02 00:25 . 2008-01-02 08:32 3,364 --a------ C:\PokerStars.log.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 13:49 --------- d-----w C:\Program Files\PokerStars
    2008-01-13 21:47 --------- d-----w C:\Program Files\e-Sword
    2007-12-21 19:59 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-10 23:46 --------- d-----w C:\Program Files\UltimateBet
    1999-04-16 09:28 151,552 ----a-r C:\WINDOWS\inf\Agfa\Message.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722a5f13-7070-483f-9704-a6be364cf62c}]
    C:\WINDOWS\system32\drmoxy.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio "= "cmicnfg.cpl" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf "= "cmd.exe" [2004-08-03 22:56 388608 C:\WINDOWS\system32\cmd.exe]
    "nlhr "= "C:\WINDOWS\System32\AdvPack.Dll" [2004-08-03 22:56 99840]
    "tscuninstall "= "C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 20:59 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{96773c21-1b6b-4db0-8fe8-0c59f3c8a355} "= C:\WINDOWS\system32\nieyn.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System "= "csxzc.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drmoxy]
    drmoxy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=

    S2 ueuge1tmy;Print Spooler Service;C:\WINDOWS\system32\hpjtlk.exe []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-21 11:00:00 C:\WINDOWS\Tasks\AVG Anti-Spyware.job "
    - C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe
    "2008-01-22 11:02:00 C:\WINDOWS\Tasks\Disk Cleanup.job "
    - C:\WINDOWS\system32\cleanmgr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 10:15:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-26 10:19:04 - machine was rebooted [Lance]
    ComboFix-quarantined-files.txt 2008-01-26 18:18:35
     
  7. 2008/01/26
    noahdfear

    Couple of things that concern me.

    C:\WINDOWS\inf\Agfa\Message.exe << are you familiar with this file?

    C:\Program Files\microsoft frontpage << did you install frontpage?

    Let's clean up a few other things.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722a5f13-7070-483f-9704-a6be364cf62c}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{96773c21-1b6b-4db0-8fe8-0c59f3c8a355}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "System"=""
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drmoxy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    Driver::
    ueuge1tmy
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
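
Added example (not part of the thread, and not code from HijackThis or ComboFix): a small Python triage pass over HijackThis-format lines that flags the kind of autostart entries the script above goes on to remove. The two heuristics, the names `triage` and `Finding`, and the sample block (lines copied from the log in the first post) are assumptions of this example; a hit is a prompt for review, not a verdict.

```python
import re
from typing import NamedTuple

# Constructed sample: lines copied from the HijackThis clone log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {722a5f13-7070-483f-9704-a6be364cf62c} - C:\WINDOWS\system32\drmoxy.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
O20 - Winlogon Notify: drmoxy - C:\WINDOWS\system32\drmoxy.dll (file missing)
O22 - SharedTaskScheduler: haiduk - {96773c21-1b6b-4db0-8fe8-0c59f3c8a355} - C:\WINDOWS\system32\nieyn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (ueuge1tmy) - Unknown owner - C:\WINDOWS\system32\hpjtlk.exe /service
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmzss.exe
"""

# Log groups whose entries name a DLL that IE, Explorer or Winlogon loads on its own.
LOAD_POINTS = {
    "O2": "Browser Helper Object",
    "O20": "Winlogon Notify",
    "O22": "SharedTaskScheduler",
}

ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# An .exe sitting directly in system32 (no subfolder), arguments allowed after it.
SYSTEM32_EXE_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.exe\b", re.I)


class Finding(NamedTuple):
    section: str   # HijackThis group, e.g. "O20"
    kind: str      # what sort of loading point it is
    target: str    # CLSID, subkey name or service key to look up in the registry
    reason: str    # why the heuristic fired


def triage(log_text: str) -> list:
    """Return review candidates from HijackThis-format text.

    Heuristic 1 (assumption): a loading point whose registered file is gone is
    an orphan left by removed software or by a partly cleaned infection.
    Heuristic 2 (assumption): a service shown with 'Unknown owner' whose
    executable sits directly in system32 deserves a closer look.
    """
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        section, body = entry["section"], entry["body"]

        if section in LOAD_POINTS and ORPHAN_RE.search(body):
            guid = GUID_RE.search(body)
            # Winlogon Notify lines carry no CLSID; use the subkey name instead.
            target = (guid.group(0) if guid
                      else body.split(": ", 1)[1].split(" - ", 1)[0])
            findings.append(Finding(section, LOAD_POINTS[section], target,
                                    "registered file is absent"))

        elif section == "O23":
            svc = SERVICE_RE.match(body)
            if (svc and svc["owner"] == "Unknown owner"
                    and SYSTEM32_EXE_RE.match(svc["path"])):
                # The service key name, when shown, is the part in parentheses.
                key = re.search(r"\((\w+)\)$", svc["name"])
                findings.append(Finding(
                    section, "Service",
                    key.group(1) if key else svc["name"],
                    "owner shown as unknown, binary directly in system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.kind:<22} {f.target:<40} {f.reason}")
```

On this log it surfaces the drmoxy BHO and Winlogon Notify entry, the nieyn.dll SharedTaskScheduler entry and the ueuge1tmy service that CFScript.txt targets, plus a second orphaned BHO and the Windows Management Service that the first ComboFix run lists under Drivers/Services.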
     
  8. 2008/01/26
    mrlanceromance

    Hijackthis and combo fix logs

    Couple of things that concern me.

    C:\WINDOWS\inf\Agfa\Message.exe << are you familiar with this file?

    C:\Program Files\microsoft frontpage << did you install frontpage?

    NOPE and NOPE
    The only thing agfa brings to mind was a scanner that I no longer have.

    ComboFix 08-01-23.1C - Lance 2008-01-26 16:29:25.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.256 [GMT -8:00]
    Running from: C:\Documents and Settings\Lance\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lance\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
    .

    2008-01-26 10:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\system32\xircom
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\srchasst
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\Program Files\microsoft frontpage
    2008-01-21 20:25 . 2008-01-21 20:25 <DIR> d-------- C:\Deckard
    2008-01-21 14:18 . 2008-01-21 14:18 164 --a------ C:\install.dat
    2008-01-20 13:33 . 2008-01-20 13:33 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-20 13:31 . 2008-01-20 13:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-02 00:25 . 2008-01-02 08:32 3,364 --a------ C:\PokerStars.log.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 13:49 --------- d-----w C:\Program Files\PokerStars
    2008-01-13 21:47 --------- d-----w C:\Program Files\e-Sword
    2007-12-21 19:59 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-10 23:46 --------- d-----w C:\Program Files\UltimateBet
    1999-04-16 09:28 151,552 ----a-r C:\WINDOWS\inf\Agfa\Message.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-26_10.18.05.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-26 18:08:16 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-27 00:28:54 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-26 18:08:17 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-27 00:28:54 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-26 18:08:19 5,337,088 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-27 00:28:55 5,337,088 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-26 18:08:20 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-27 00:28:56 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-26 18:08:20 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-27 00:28:56 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-26 18:08:20 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-27 00:28:56 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722a5f13-7070-483f-9704-a6be364cf62c}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio "= "cmicnfg.cpl" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf "= "cmd.exe" [2004-08-03 22:56 388608 C:\WINDOWS\system32\cmd.exe]
    "nlhr "= "C:\WINDOWS\System32\AdvPack.Dll" [2004-08-03 22:56 99840]
    "tscuninstall "= "C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 20:59 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drmoxy]


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-21 11:00:00 C:\WINDOWS\Tasks\AVG Anti-Spyware.job "
    - C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe
    "2008-01-22 11:02:00 C:\WINDOWS\Tasks\Disk Cleanup.job "
    - C:\WINDOWS\system32\cleanmgr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 16:35:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-26 16:39:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-27 00:39:09
    ComboFix2.txt 2008-01-26 18:19:04

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:41:55 PM, on 26/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1911CF7-8945-465E-B458-AA1448501D63}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E511D5A8-0D3F-4FA3-90A1-D03CAAFB76D8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6357 bytes
     
  9. 2008/01/26
    noahdfear

    Where's your antivirus program?? tsk tsk

    Is that software for that scanner still listed in Add/Remove programs?

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\Program Files\microsoft frontpage
    DirLook::
    C:\WINDOWS\inf\Agfa\Message.exe
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722a5f13-7070-483f-9704-a6be364cf62c}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drmoxy]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  10. 2008/01/26
    mrlanceromance

    combo fix log

    ComboFix 08-01-23.1C - Lance 2008-01-26 20:12:36.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.273 [GMT -8:00]
    Running from: C:\Documents and Settings\Lance\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lance\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\microsoft frontpage . . . . failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
    .

    2008-01-26 20:16 . 2008-01-26 20:16 <DIR> d-------- C:\Program Files\microsoft frontpage
    2008-01-26 16:41 . 2008-01-26 16:41 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-26 10:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\system32\xircom
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\srchasst
    2008-01-21 20:25 . 2008-01-21 20:25 <DIR> d-------- C:\Deckard
    2008-01-21 14:18 . 2008-01-21 14:18 164 --a------ C:\install.dat
    2008-01-20 13:33 . 2008-01-20 13:33 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-20 13:31 . 2008-01-20 13:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-02 00:25 . 2008-01-02 08:32 3,364 --a------ C:\PokerStars.log.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 13:49 --------- d-----w C:\Program Files\PokerStars
    2008-01-13 21:47 --------- d-----w C:\Program Files\e-Sword
    2007-12-21 19:59 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-10 23:46 --------- d-----w C:\Program Files\UltimateBet
    1999-04-16 09:28 151,552 ----a-r C:\WINDOWS\inf\Agfa\Message.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\WINDOWS\inf\Agfa\Message.exe ----

    C:\WINDOWS\inf\Agfa\Message.exe\


    ((((((((((((((((((((((((((((( snapshot@2008-01-26_10.18.05.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-26 18:08:16 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-27 04:12:24 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-26 18:08:17 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-27 04:12:25 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-26 18:08:19 5,337,088 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-27 04:12:26 5,337,088 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-26 18:08:20 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-27 04:12:27 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-26 18:08:20 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-27 04:12:27 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-26 18:08:20 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-27 04:12:27 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio "= "cmicnfg.cpl" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf "= "cmd.exe" [2004-08-03 22:56 388608 C:\WINDOWS\system32\cmd.exe]
    "nlhr "= "C:\WINDOWS\System32\AdvPack.Dll" [2004-08-03 22:56 99840]
    "tscuninstall "= "C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 20:59 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-21 11:00:00 C:\WINDOWS\Tasks\AVG Anti-Spyware.job "
    - C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe
    "2008-01-22 11:02:00 C:\WINDOWS\Tasks\Disk Cleanup.job "
    - C:\WINDOWS\system32\cleanmgr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 20:18:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-26 20:21:41 - machine was rebooted [Lance]
    ComboFix-quarantined-files.txt 2008-01-27 04:21:12
    ComboFix2.txt 2008-01-27 00:39:32
    ComboFix3.txt 2008-01-26 18:19:04
     
  11. 2008/01/26
    noahdfear

    Hmmm ......... failed to delete the microsoft frontpage folder. Now that's odd. Let's see what's in it, and get rid of that Agfa folder.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\WINDOWS\inf\Agfa\Message.exe
    DirLook::
    C:\Program Files\microsoft frontpage
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh Hijackthis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  12. 2008/01/26
    mrlanceromance

    ComboFix 08-01-23.1C - Lance 2008-01-26 20:51:47.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.266 [GMT -8:00]
    Running from: C:\Documents and Settings\Lance\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lance\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\inf\Agfa\Message.exe\

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
    .

    2008-01-26 20:16 . 2008-01-26 20:16 <DIR> d-------- C:\Program Files\microsoft frontpage
    2008-01-26 16:41 . 2008-01-26 16:41 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-26 10:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\system32\xircom
    2008-01-22 22:20 . 2008-01-22 22:20 <DIR> d-------- C:\WINDOWS\srchasst
    2008-01-21 20:25 . 2008-01-21 20:25 <DIR> d-------- C:\Deckard
    2008-01-21 14:18 . 2008-01-21 14:18 164 --a------ C:\install.dat
    2008-01-20 13:33 . 2008-01-20 13:33 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-20 13:31 . 2008-01-20 13:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-02 00:25 . 2008-01-02 08:32 3,364 --a------ C:\PokerStars.log.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 13:49 --------- d-----w C:\Program Files\PokerStars
    2008-01-13 21:47 --------- d-----w C:\Program Files\e-Sword
    2007-12-21 19:59 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-10 23:46 --------- d-----w C:\Program Files\UltimateBet
    1999-04-16 09:28 151,552 ----a-r C:\WINDOWS\inf\Agfa\Message.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\microsoft frontpage ----



    ((((((((((((((((((((((((((((( snapshot@2008-01-26_10.18.05.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-26 18:08:16 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-27 04:51:39 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-26 18:08:17 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-27 04:51:39 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-26 18:08:19 5,337,088 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-27 04:51:40 5,337,088 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-26 18:08:20 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-27 04:51:40 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-26 18:08:20 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-27 04:51:40 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-26 18:08:20 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-27 04:51:41 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio "= "cmicnfg.cpl" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf "= "cmd.exe" [2004-08-03 22:56 388608 C:\WINDOWS\system32\cmd.exe]
    "nlhr "= "C:\WINDOWS\System32\AdvPack.Dll" [2004-08-03 22:56 99840]
    "tscuninstall "= "C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 20:59 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)


    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-21 11:00:00 C:\WINDOWS\Tasks\AVG Anti-Spyware.job "
    - C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe
    "2008-01-22 11:02:00 C:\WINDOWS\Tasks\Disk Cleanup.job "
    - C:\WINDOWS\system32\cleanmgr.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-26 20:53:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-26 20:55:13
    ComboFix-quarantined-files.txt 2008-01-27 04:54:27
    ComboFix2.txt 2008-01-27 04:21:42
    ComboFix3.txt 2008-01-27 00:39:32
    ComboFix4.txt 2008-01-26 18:19:04



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:56:07 PM, on 26/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1911CF7-8945-465E-B458-AA1448501D63}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E511D5A8-0D3F-4FA3-90A1-D03CAAFB76D8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6357 bytes
     
  13. 2008/01/27
    noahdfear

    Well, that C:\Program Files\microsoft frontpage folder appears to be empty. Can you delete it manually? If not, do you know how to take ownership of the folder and grant yourself full access?

    Everything else seems to be working OK?

    Either you have opted to use OpenDNS or Spybot detected an infection and changed your DNS settings. Not necessarily a problem, but you can reset them if you like. Let me know and I can give you instructions if needed.
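
Post 13 reads the O17 lines of the HijackThis log to judge whether the configured DNS servers were chosen deliberately. As an added example (not part of the thread and not HijackThis code), this Python script parses O17 entries and sorts each resolver into known, private, or needing review. The names `parse_o17`, `classify`, `audit_dns`, `needs_review` and `KNOWN_RESOLVERS` are assumptions, and the last O17 line of the sample is constructed; the other sample lines are copied from the log above.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines look like:
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = ip1,ip2
O17_RE = re.compile(
    r"^\s*O17 - (?P<key>HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\[^:]+):"
    r"\s*NameServer = (?P<servers>.+?)\s*$"
)

# RFC 1918 ranges: a resolver here is usually the local router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the user deliberately chose OpenDNS, whose public resolvers
# are the two addresses that appear in the log on this page.
KNOWN_RESOLVERS = {
    "208.67.220.220": "OpenDNS",
    "208.67.222.222": "OpenDNS",
}


def parse_o17(log_text):
    """Return one dict per O17 NameServer line: control set, key, servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        # Treat the server list as comma- or whitespace-separated.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        entries.append({"control_set": m.group("cs"),
                        "key": m.group("key"),
                        "servers": servers})
    return entries


def classify(server, allowlist):
    """Label one resolver: known:<label>, private, unknown or malformed."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if str(ip) in allowlist:
        return "known:" + allowlist[str(ip)]
    if any(ip in net for net in RFC1918):
        return "private"
    return "unknown"


def audit_dns(log_text, allowlist):
    """Map each resolver to its verdict and the registry keys that set it."""
    keys_by_server = defaultdict(list)
    for entry in parse_o17(log_text):
        for server in entry["servers"]:
            keys_by_server[server].append(entry["key"])
    return {server: {"verdict": classify(server, allowlist), "keys": keys}
            for server, keys in keys_by_server.items()}


def needs_review(report):
    """Resolvers that are neither allowlisted nor on the local network."""
    return sorted(s for s, r in report.items()
                  if r["verdict"] in ("unknown", "malformed"))


# Sample input. The final O17 line is constructed for illustration: a
# placeholder GUID, a documentation-range address and a router address.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O17 - HKLM\System\CCS\Services\Tcpip\..\{10E7D927-435C-4F08-BDB6-5AA9AFB70B2D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53 192.168.1.1
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

if __name__ == "__main__":
    report = audit_dns(SAMPLE_LOG, KNOWN_RESOLVERS)
    for server, info in sorted(report.items()):
        print(f"{server:16} {info['verdict']:14} set in {len(info['keys'])} key(s)")
    print("review:", needs_review(report))
```

A resolver reported under `review` is not proof of infection; it only means the address is neither on the allowlist nor a local router address, so the keys listed for it are where to look first.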
     
  14. 2008/01/27
    mrlanceromance

    Yes, everything seems to be running smoothly. I don't actually know what DNS settings would affect so I don't have a preference. If they should be changed I'd gladly change them. There is one other question that I have. When I visit the weather network via my favorites in the morning, close the window and then open a new window later in the day and navigate to that page the same way, through favorites, it will not be an updated version of the page. I have to manually refresh the page. How do I change that?

    When trying to delete frontpage
    Error deleting file or folder
    Cannot delete bin: It is being used by another person or program.
    Close any programs that might be using the file and try again.

    I thought I was the administrator on this machine.
    As you may have gathered by now, my understanding of Windows is limited.
    Once again, thank you
     
  15. 2008/01/27
    mrlanceromance

    If not, do you know how to take ownership of the folder and grant yourself full access?

    Ya, no idea
    Lance
     
  16. 2008/01/28
    noahdfear

    Permissions/ownership is a bit easier since you have XP Pro.
    • Open C:\Program Files
    • Click Tools>Folder Options from the Toolbar
    • Select the View tab
    • Scroll down to and deselect 'Use simple file sharing'
    • Click OK
    • Now right click the microsoft frontpage folder and select Properties
    • Select the Security tab
    • Click Advanced, then select the Owner tab
    • Select your username in the list, check the box to 'Replace owner on subcontainers and objects', then click Apply, then OK
    • Now back on the Properties dialog, Security tab, if your username is listed, select it then check below that you have Full control in the Allow column
      • If your username is not listed, click Add
      • Type your username in the 'Enter the object names to select' field, then click Check Names
      • Your computername\username will populate in the field
      • Click OK
      • Your name will now be listed, and you need to select it then verify Full Control
    • Click OK to exit the Properties dialog
    Now see if you can delete the folder.


    Let's reset the dns settings. You need to access the Network connections.
    If you have an icon for your connection by the clock, right click the icon and select 'Open Network Connections'
    or
    Click Start and select Connect To>Show all connections, if available
    or
    Open the Control Panel and select Network Connections if in Classic View, or Network and Internet connections>Network Connections if in Category View
    or
    Click Start>Run and type ncpa.cpl then hit Enter

    • Right click your connection icon, usually named Local Area Connection for a broadband connection, then select Properties
    • Select Internet Protocol (TCP/IP) in the list, then click Properties
    • Select the Obtain Automatic for both IP Address and DNS Server Address if selected otherwise
    • Click OK, then click OK again


    I would guess that a cached page is being loaded when you re-visit the weather site. It might help to set the space used for Temporary Internet Files lower, which is recommended anyway.
    • In a browser window, click Tools>Internet Options on the Toolbar
    • In the Temporary Internet Files section, click Settings
    • Select the 'Every visit to the page' option, then enter 50 for the number of MB to use
    • Click OK
    • Now click Delete Files, check the popup box for Offline Files, then click OK
    • Click OK to close the Internet Options dialog
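
Added example, not part of the original thread: once the connection is set back to obtain its DNS server address automatically, the resolvers actually in use can be checked from the output of `ipconfig /all`. The Python below parses a constructed sample of that output and lists any DNS server outside a set you expect (for a home network, typically the router); the sample text, all addresses and the function names are assumptions for illustration.

```python
import re

# Constructed sample of XP-style `ipconfig /all` output; every address is made up.
# Note "Dhcp Enabled: Yes" covers the IP address only; DNS can still be set by hand.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""

FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")  # "Label . . . : value"

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented: section header
            m = re.match(r"^.*adapter (.+):$", line.strip())
            current = adapters.setdefault(m.group(1), {}) if m else None
            last = None
            continue
        if current is None:                       # global fields before any adapter
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            current[last] = [m.group(2)] if m.group(2) else []
        elif last:                                # bare indented value: continuation
            current[last].append(line.strip())
    return adapters

def unexpected_dns(adapters, allowed):
    """List (adapter, server) pairs whose resolver is not in the allowed set."""
    return [(name, ip) for name, fields in adapters.items()
            for ip in fields.get("DNS Servers", []) if ip not in allowed]

if __name__ == "__main__":
    print(unexpected_dns(parse_ipconfig(SAMPLE), {"192.168.1.1"}))
```

On a real machine, replace `SAMPLE` with the saved output of `ipconfig /all` and pass the resolver addresses your router or ISP is known to hand out.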
     
  17. 2008/01/28
    mrlanceromance

    mrlanceromance Inactive Thread Starter

    Joined:
    2008/01/21
    Messages:
    18
    Likes Received:
    0
    Permissions/ownership is a bit easier since you have XP Pro.
    Open C:\Program Files
    Click Tools>Folder Options from the Toolbar
    Select the View tab
    Scroll down to and deselect 'Use simple file sharing'
    Click OK
    Now right click the microsoft frontpage folder and select Properties

    This is where I got lost - There is no security tab.

    'Every visit to the page' option - fixed that problem

    dns settings are reset

    I am going to download AVG anti-Virus now :)
     
  18. 2008/01/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please make sure that you deselected Use Simple File Sharing. It might have already been unchecked and you may have checked it instead. If it is indeed unchecked, try restarting the computer then check for the Security tab.
     
